GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-02-16 20:27:12 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAKX-00ERMA0 rev.15.01H15 465,76GB Running: m57g1hli.exe; Driver: C:\Users\Aoeseo\AppData\Local\Temp\uxdiqpoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002a03000 47 bytes [74, 3E, 80, 3D, 87, 63, 13, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 576 fffff80002a03030 93 bytes {MOV EDX, ESI; MOV RCX, RBP; MOV [RSP+0x20], AL; CALL 0x3b9fe0} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 000000014a640460 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 000000014a640450 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 000000014a640370 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 000000014a640470 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 000000014a6403e0 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 000000014a640320 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 000000014a6403b0 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 000000014a640390 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 000000014a6402e0 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 000000014a6402d0 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 000000014a640310 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 000000014a6403c0 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 000000014a6403f0 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 000000014a640230 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 000000014a640480 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 000000014a6403a0 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 000000014a6402f0 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 000000014a640350 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 000000014a640290 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 000000014a6402b0 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 000000014a6403d0 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 000000014a640330 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 000000014a640410 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 000000014a640240 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 000000014a6401e0 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 000000014a640250 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 000000014a640490 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 000000014a6404a0 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 000000014a640300 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 000000014a640360 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 000000014a6402a0 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 000000014a6402c0 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 000000014a640380 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 000000014a640340 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 000000014a640440 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 000000014a640260 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 000000014a640270 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 000000014a640400 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 000000014a6401f0 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 000000014a640210 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 000000014a640200 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 000000014a640420 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 000000014a640430 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 000000014a640220 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 000000014a640280 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\wininit.exe[696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 000000014a640460 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 000000014a640450 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 000000014a640370 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 000000014a640470 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 000000014a6403e0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 000000014a640320 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 000000014a6403b0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 000000014a640390 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 000000014a6402e0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 000000014a6402d0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 000000014a640310 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 000000014a6403c0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 000000014a6403f0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 000000014a640230 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 000000014a640480 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 000000014a6403a0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 000000014a6402f0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 000000014a640350 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 000000014a640290 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 000000014a6402b0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 000000014a6403d0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 000000014a640330 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 000000014a640410 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 000000014a640240 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 000000014a6401e0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 000000014a640250 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 000000014a640490 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 000000014a6404a0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 000000014a640300 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 000000014a640360 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 000000014a6402a0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 000000014a6402c0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 000000014a640380 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 000000014a640340 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 000000014a640440 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 000000014a640260 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 000000014a640270 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 000000014a640400 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 000000014a6401f0 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 000000014a640210 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 000000014a640200 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 000000014a640420 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 000000014a640430 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 000000014a640220 .text C:\Windows\system32\csrss.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 000000014a640280 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\services.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\services.exe[756] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\winlogon.exe[800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\lsm.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\svchost.exe[256] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\atiesrxx.exe[556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[420] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1360] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\atieclxx.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\Dwm.exe[1716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Windows\Explorer.EXE[1764] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000100060460 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000100060370 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000100060470 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000100060320 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000100060390 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000100060310 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000100060230 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000100060480 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000100060350 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000100060290 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000100060330 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000100060250 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000100060490 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000100060200 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000100060420 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000100060430 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000100060280 .text C:\Windows\system32\taskhost.exe[1952] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a6a2ba 1 byte [62] .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\taskeng.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\SysWOW64\ASGT.exe[1108] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a6a2ba 1 byte [62] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\ProgramData\DatacardService\DCSHelper.exe[2120] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a6a2ba 1 byte [62] .text C:\ProgramData\DatacardService\DCSHelper.exe[2168] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a6a2ba 1 byte [62] .text C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2176] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a6a2ba 1 byte [62] .text C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077391465 2 bytes [39, 77] .text C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773914bb 2 bytes [39, 77] .text ... * 2 .text C:\Program Files (x86)\Internet w Cyfrowym Polsacie\Internet w Cyfrowym Polsacie.exe[2212] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a6a2ba 1 byte [62] .text C:\ProgramData\Internet w Cyfrowym Polsacie\OnlineUpdate\ouc.exe[2244] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a6a2ba 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2320] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a6a2ba 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2320] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000075651a22 2 bytes [65, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2320] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000075651ad0 2 bytes [65, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2320] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000075651b08 2 bytes [65, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2320] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000075651bba 2 bytes [65, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2320] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000075651bda 2 bytes [65, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077391465 2 bytes [39, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773914bb 2 bytes [39, 77] .text ... * 2 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Windows\System32\svchost.exe[2460] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Windows\System32\rundll32.exe[3328] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe[3600] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a6a2ba 1 byte [62] .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3900] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a6a2ba 1 byte [62] .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077391465 2 bytes [39, 77] .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773914bb 2 bytes [39, 77] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4016] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075a48769 5 bytes [33, C0, C2, 04, 00] .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4016] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a6a2ba 1 byte [62] .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[4028] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a6a2ba 1 byte [62] .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[444] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[2148] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a6a2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3032] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a6a2ba 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2780] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a6a2ba 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\SearchIndexer.exe[3404] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000100170460 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000100170450 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000100170370 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000100170470 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 00000001001703e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000100170320 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 00000001001703b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000100170390 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 00000001001702e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 00000001001702d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000100170310 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 00000001001703c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 00000001001703f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000100170230 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000100170480 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 00000001001703a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 00000001001702f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000100170350 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000100170290 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 00000001001702b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 00000001001703d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000100170330 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000100170410 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000100170240 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 00000001001701e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000100170250 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000100170490 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 00000001001704a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000100170300 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000100170360 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 00000001001702a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 00000001001702c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000100170380 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000100170340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000100170440 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000100170260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000100170270 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000100170400 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 00000001001701f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000100170210 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000100170200 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000100170420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000100170430 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000100170220 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000100170280 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280 .text C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Program Files\WinRAR\WinRAR.exe[5168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b1eecd 1 byte [62] .text C:\Users\Aoeseo\AppData\Local\Temp\Rar$EXa0.003\m57g1hli.exe[3576] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a6a2ba 1 byte [62] ---- EOF - GMER 2.1 ----