GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-05-14 19:20:53 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000066 SAMSUNG_ rev.1AC0 232,89GB Running: sdgwxpdu.exe; Driver: C:\Users\OEM\AppData\Local\Temp\uxriqpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800031ba000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff800031ba02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 00000001498e0460 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 00000001498e0450 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 00000001498e0370 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 00000001498e0470 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 00000001498e03e0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 00000001498e0320 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 00000001498e03b0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 00000001498e0390 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 00000001498e02e0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 00000001498e02d0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 00000001498e0310 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 00000001498e03c0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 00000001498e03f0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 00000001498e0230 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 00000001498e0480 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 00000001498e03a0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 00000001498e02f0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 00000001498e0350 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 00000001498e0290 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 00000001498e02b0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 00000001498e03d0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 00000001498e0330 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 00000001498e0410 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 00000001498e0240 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 00000001498e01e0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 00000001498e0250 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 00000001498e0490 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 00000001498e04a0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 00000001498e0300 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 00000001498e0360 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 00000001498e02a0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 00000001498e02c0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 00000001498e0380 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 00000001498e0340 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 00000001498e0440 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 00000001498e0260 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 00000001498e0270 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 00000001498e0400 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 00000001498e01f0 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 00000001498e0210 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 00000001498e0200 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 00000001498e0420 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 00000001498e0430 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 00000001498e0220 .text C:\Windows\system32\csrss.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 00000001498e0280 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 00000001498e0460 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 00000001498e0450 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 00000001498e0370 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 00000001498e0470 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 00000001498e03e0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 00000001498e0320 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 00000001498e03b0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 00000001498e0390 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 00000001498e02e0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 00000001498e02d0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 00000001498e0310 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 00000001498e03c0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 00000001498e03f0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 00000001498e0230 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 00000001498e0480 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 00000001498e03a0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 00000001498e02f0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 00000001498e0350 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 00000001498e0290 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 00000001498e02b0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 00000001498e03d0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 00000001498e0330 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 00000001498e0410 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 00000001498e0240 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 00000001498e01e0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 00000001498e0250 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 00000001498e0490 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 00000001498e04a0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 00000001498e0300 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 00000001498e0360 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 00000001498e02a0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 00000001498e02c0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 00000001498e0380 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 00000001498e0340 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 00000001498e0440 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 00000001498e0260 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 00000001498e0270 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 00000001498e0400 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 00000001498e01f0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 00000001498e0210 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 00000001498e0200 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 00000001498e0420 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 00000001498e0430 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 00000001498e0220 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 00000001498e0280 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\system32\wininit.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\system32\wininit.exe[500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\services.exe[596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\system32\lsm.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\system32\svchost.exe[720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000100060460 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000100060370 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000100060470 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000100060320 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000100060390 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000100060310 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000100060230 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000100060480 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000100060350 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000100060290 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000100060330 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000100060250 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000100060490 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000100060200 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000100060420 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000100060430 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000100060280 .text C:\Windows\system32\nvvsvc.exe[820] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[844] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\System32\svchost.exe[984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\system32\svchost.exe[336] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[436] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\System32\spoolsv.exe[1324] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1732] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\System32\svchost.exe[1772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE[1804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1908] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1908] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076691465 2 bytes [69, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1908] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000766914bb 2 bytes [69, 76] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\system32\taskhost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1152] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\Explorer.EXE[1164] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\Explorer.EXE[1164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1748] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2024] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2024] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000750b1a22 2 bytes [0B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2024] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000750b1ad0 2 bytes [0B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2024] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000750b1b08 2 bytes [0B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2024] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000750b1bba 2 bytes [0B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2024] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000750b1bda 2 bytes [0B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076691465 2 bytes [69, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766914bb 2 bytes [69, 76] .text ... * 2 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 000000014a520460 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 000000014a520450 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 000000014a520370 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 000000014a520470 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 000000014a5203e0 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 000000014a520320 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 000000014a5203b0 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 000000014a520390 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 000000014a5202e0 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 000000014a5202d0 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 000000014a520310 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 000000014a5203c0 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 000000014a5203f0 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 000000014a520230 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 000000014a520480 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 000000014a5203a0 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 000000014a5202f0 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 000000014a520350 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 000000014a520290 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 000000014a5202b0 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 000000014a5203d0 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 000000014a520330 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 000000014a520410 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 000000014a520240 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 000000014a5201e0 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 000000014a520250 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 000000014a520490 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 000000014a5204a0 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 000000014a520300 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 000000014a520360 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 000000014a5202a0 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 000000014a5202c0 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 000000014a520380 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 000000014a520340 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 000000014a520440 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 000000014a520260 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 000000014a520270 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 000000014a520400 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 000000014a5201f0 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 000000014a520210 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 000000014a520200 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 000000014a520420 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 000000014a520430 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 000000014a520220 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 000000014a520280 .text C:\Windows\system32\cmd.exe[2060] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2108] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe[2152] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\system32\rundll32.exe[2316] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2360] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2392] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\loggingserver.exe[2488] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2548] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] .text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[2572] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] .text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[2572] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076691465 2 bytes [69, 76] .text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[2572] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000766914bb 2 bytes [69, 76] .text ... * 2 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2580] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000756987b1 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2580] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2808] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\system32\SearchIndexer.exe[2980] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3176] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3740] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\system32\conhost.exe[3752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000077c00460 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000077c00450 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000077c00370 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000077c00470 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 0000000077c003e0 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000077c00320 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 0000000077c003b0 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000077c00390 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 0000000077c002e0 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 0000000077c002d0 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000077c00310 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 0000000077c003c0 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 0000000077c003f0 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000077c00230 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000077c00480 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 0000000077c003a0 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 0000000077c002f0 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000077c00350 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000077c00290 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 0000000077c002b0 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 0000000077c003d0 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000077c00330 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000077c00410 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000077c00240 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 0000000077c001e0 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000077c00250 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000077c00490 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 0000000077c004a0 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000077c00300 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000077c00360 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 0000000077c002a0 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 0000000077c002c0 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000077c00380 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000077c00340 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000077c00440 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000077c00260 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000077c00270 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000077c00400 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 0000000077c001f0 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000077c00210 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000077c00200 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000077c00420 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000077c00430 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000077c00220 .text C:\Windows\System32\svchost.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000077c00280 .text C:\Windows\SysWOW64\cmd.exe[1388] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aa1360 5 bytes JMP 0000000100040460 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aa13b0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aa1510 5 bytes JMP 0000000100040370 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aa1560 5 bytes JMP 0000000100040470 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aa1570 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aa1620 5 bytes JMP 0000000100040320 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aa1650 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aa1670 5 bytes JMP 0000000100040390 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aa16b0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aa1730 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aa1750 5 bytes JMP 0000000100040310 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aa1790 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aa17e0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aa1940 5 bytes JMP 0000000100040230 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa1b00 5 bytes JMP 0000000100040480 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aa1b30 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aa1c10 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aa1c20 5 bytes JMP 0000000100040350 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aa1c80 5 bytes JMP 0000000100040290 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aa1d10 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aa1d30 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aa1d40 5 bytes JMP 0000000100040330 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aa1db0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aa1de0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aa20a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aa2160 5 bytes JMP 0000000100040250 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aa2190 5 bytes JMP 0000000100040490 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aa21a0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aa21d0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aa21e0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aa2240 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aa2290 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aa22c0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aa22d0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aa25c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aa27c0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aa27d0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aa27e0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aa29a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aa29b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aa2a20 5 bytes JMP 0000000100040200 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aa2a80 5 bytes JMP 0000000100040420 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aa2a90 5 bytes JMP 0000000100040430 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aa2aa0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aa2b80 5 bytes JMP 0000000100040280 .text C:\Windows\system32\conhost.exe[5024] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.5\ScriptHelper.exe[3104] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] .text C:\Windows\Temp\PowerMon\PowerMon.exe[2172] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] .text C:\Users\OEM\Downloads\sdgwxpdu.exe[4248] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000756ba30a 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3176:3192] 000007fefc472a7c ---- Processes - GMER 2.1 ---- Process C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (*** suspicious ***) @ C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [1804] (EPSON Status Monitor 3/SEIKO EPSON CORPORATION)(2012-12-22 12:19:58) 0000000100000000 Process C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (*** suspicious ***) @ C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [1844] (EPSON Status Monitor 3/SEIKO EPSON CORPORATION)(2012-12-22 12:19:58) 0000000100000000 Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1164] (GG drive overlay/GG Network S.A.)(2013-01-23 13:08:43) 000000005c080000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\ Reg HKLM\SYSTEM\CurrentControlSet\services\@Parameters\0\x202e\x2764 308 Reg HKLM\SYSTEM\ControlSet002\services\ (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\@Parameters\0\x202e\x2764 308 ---- Files - GMER 2.1 ---- File C:\Program Files\Windows Defender\pl-PL\MpAsDesc.dll.mui 41472 bytes executable File C:\Program Files\Windows Defender\pl-PL\MpEvMsg.dll.mui 17920 bytes executable File C:\Program Files\Windows Defender\pl-PL\MsMpRes.dll.mui 53248 bytes executable ---- EOF - GMER 2.1 ----