GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-04 15:28:24 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAKX-00ERMA0 rev.15.01H15 465,76GB Running: jq84y5nl.exe; Driver: C:\Users\Aoeseo\AppData\Local\Temp\uxdiqpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000149ed0460 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000149ed0450 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000149ed0370 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000149ed0470 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000149ed03e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000149ed0320 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000149ed03b0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000149ed0390 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000149ed02e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000149ed02d0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000149ed0310 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000149ed03c0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000149ed03f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000149ed0230 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000149ed0480 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000149ed03a0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000149ed02f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000149ed0350 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000149ed0290 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000149ed02b0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000149ed03d0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000149ed0330 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000149ed0410 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000149ed0240 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000149ed01e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000149ed0250 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000149ed0490 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000149ed04a0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000149ed0300 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000149ed0360 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000149ed02a0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000149ed02c0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000149ed0380 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000149ed0340 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000149ed0440 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000149ed0260 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000149ed0270 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000149ed0400 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000149ed01f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000149ed0210 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000149ed0200 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000149ed0420 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000149ed0430 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000149ed0220 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000149ed0280 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000100040460 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000100040370 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000100040470 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000100040320 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000100040390 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000100040310 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000100040230 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000100040480 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000100040350 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000100040290 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000100040330 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000100040250 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000100040490 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000100040200 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000100040420 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000100040430 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000100040280 .text C:\Windows\system32\wininit.exe[640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000149ed0460 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000149ed0450 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000149ed0370 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000149ed0470 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000149ed03e0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000149ed0320 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000149ed03b0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000149ed0390 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000149ed02e0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000149ed02d0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000149ed0310 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000149ed03c0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000149ed03f0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000149ed0230 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000149ed0480 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000149ed03a0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000149ed02f0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000149ed0350 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000149ed0290 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000149ed02b0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000149ed03d0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000149ed0330 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000149ed0410 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000149ed0240 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000149ed01e0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000149ed0250 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000149ed0490 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000149ed04a0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000149ed0300 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000149ed0360 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000149ed02a0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000149ed02c0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000149ed0380 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000149ed0340 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000149ed0440 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000149ed0260 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000149ed0270 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000149ed0400 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000149ed01f0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000149ed0210 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000149ed0200 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000149ed0420 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000149ed0430 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000149ed0220 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000149ed0280 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\services.exe[696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\atiesrxx.exe[428] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[496] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\System32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\System32\svchost.exe[860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[560] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[1300] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\atieclxx.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1476] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\Dwm.exe[1656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000100070460 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000100070450 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000100070370 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000100070470 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 00000001000703e0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000100070320 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 00000001000703b0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000100070390 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 00000001000702d0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000100070310 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 00000001000703c0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000100070230 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000100070480 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000100070350 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000100070290 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000100070330 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000100070410 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000100070240 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000100070250 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000100070490 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000100070300 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000100070360 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 00000001000702a0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 00000001000702c0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000100070380 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000100070340 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000100070440 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000100070260 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000100070270 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000100070400 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000100070210 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000100070200 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000100070420 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000100070430 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[1764] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\taskhost.exe[1900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\taskeng.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2076] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ba2ba 1 byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2112] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text E:\smite\HiPatchService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text E:\smite\HiPatchService.exe[2212] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2440] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ba2ba 1 byte [62] .text C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\ProgramData\DatacardService\DCSHelper.exe[2524] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ba2ba 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2536] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ba2ba 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2536] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073461a22 2 bytes [46, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2536] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073461ad0 2 bytes [46, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2536] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073461b08 2 bytes [46, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2536] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073461bba 2 bytes [46, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2536] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073461bda 2 bytes [46, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[2664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\System32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe[3652] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ba2ba 1 byte [62] .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3216] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ba2ba 1 byte [62] .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3632] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3680] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ba2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[3912] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ba2ba 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3832] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ba2ba 1 byte [62] .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ba2ba 1 byte [62] .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!DispatchMessageW 00000000751a787b 5 bytes JMP 0000000167b202f0 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!DispatchMessageA 00000000751a7bbb 5 bytes JMP 0000000167b202c0 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000751a8a29 5 bytes JMP 0000000167b20c70 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!SetWindowPos 00000000751a8e4e 5 bytes JMP 0000000167b20450 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!DestroyWindow 00000000751a9a55 5 bytes JMP 0000000167b20420 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000751ad22e 5 bytes JMP 0000000167b20b40 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000751b05ba 5 bytes JMP 0000000167b20610 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000751b0dfb 5 bytes JMP 0000000167b20320 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!EndPaint 00000000751b1341 5 bytes JMP 0000000167b206f0 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!BeginPaint 00000000751b1361 5 bytes JMP 0000000167b20690 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindowIndirect 00000000751b28da 5 bytes JMP 0000000167b20ac0 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!SetCursor 00000000751b41f6 5 bytes JMP 0000000167b1fe00 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000751b5f74 5 bytes JMP 0000000167b205b0 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!BringWindowToTop 00000000751b7b3b 5 bytes JMP 0000000167b20670 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!AnimateWindow 00000000751bb531 5 bytes JMP 0000000167b204c0 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindow 00000000751bba4a 5 bytes JMP 0000000167b209f0 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!WindowFromPoint 00000000751ced12 5 bytes JMP 0000000167b1fe20 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!SetCapture 00000000751ced56 5 bytes JMP 0000000167b20590 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 00000000751cf170 5 bytes JMP 0000000167b20550 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076925ea6 5 bytes JMP 0000000167b1fe50 .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\PROGRA~2\Raptr\raptr.exe[4456] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\SearchIndexer.exe[4920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\PROGRA~2\Raptr\raptr_im.exe[5092] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ba2ba 1 byte [62] .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\AUDIODG.EXE[576] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Users\Aoeseo\Downloads\jq84y5nl.exe[3684] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ba2ba 1 byte [62] ---- EOF - GMER 2.1 ----