GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-05-29 16:23:55 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-6 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB Running: gmer.exe; Driver: C:\Users\mati\AppData\Local\Temp\ugldapob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800039a9000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800039a902f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 000000014a0a0460 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 000000014a0a0450 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 000000014a0a0370 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 000000014a0a0470 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 000000014a0a03e0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 000000014a0a0320 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 000000014a0a03b0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 000000014a0a0390 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 000000014a0a02e0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 000000014a0a02d0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 000000014a0a0310 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 000000014a0a03c0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 000000014a0a03f0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 000000014a0a0230 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 000000014a0a0480 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 000000014a0a03a0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 000000014a0a02f0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 000000014a0a0350 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 000000014a0a0290 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 000000014a0a02b0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 000000014a0a03d0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 000000014a0a0330 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 000000014a0a0410 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 000000014a0a0240 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 000000014a0a01e0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 000000014a0a0250 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 000000014a0a0490 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 000000014a0a04a0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 000000014a0a0300 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 000000014a0a0360 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 000000014a0a02a0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 000000014a0a02c0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 000000014a0a0380 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 000000014a0a0340 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 000000014a0a0440 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 000000014a0a0260 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 000000014a0a0270 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 000000014a0a0400 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 000000014a0a01f0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 000000014a0a0210 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 000000014a0a0200 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 000000014a0a0420 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 000000014a0a0430 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 000000014a0a0220 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 000000014a0a0280 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\system32\wininit.exe[480] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007713ef8d 1 byte [62] .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 000000014a0a0460 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 000000014a0a0450 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 000000014a0a0370 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 000000014a0a0470 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 000000014a0a03e0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 000000014a0a0320 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 000000014a0a03b0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 000000014a0a0390 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 000000014a0a02e0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 000000014a0a02d0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 000000014a0a0310 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 000000014a0a03c0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 000000014a0a03f0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 000000014a0a0230 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 000000014a0a0480 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 000000014a0a03a0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 000000014a0a02f0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 000000014a0a0350 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 000000014a0a0290 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 000000014a0a02b0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 000000014a0a03d0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 000000014a0a0330 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 000000014a0a0410 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 000000014a0a0240 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 000000014a0a01e0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 000000014a0a0250 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 000000014a0a0490 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 000000014a0a04a0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 000000014a0a0300 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 000000014a0a0360 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 000000014a0a02a0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 000000014a0a02c0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 000000014a0a0380 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 000000014a0a0340 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 000000014a0a0440 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 000000014a0a0260 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 000000014a0a0270 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 000000014a0a0400 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 000000014a0a01f0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 000000014a0a0210 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 000000014a0a0200 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 000000014a0a0420 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 000000014a0a0430 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 000000014a0a0220 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 000000014a0a0280 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\system32\winlogon.exe[536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007713ef8d 1 byte [62] .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\system32\services.exe[588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007713ef8d 1 byte [62] .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsass.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\system32\lsm.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\system32\nvvsvc.exe[776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007713ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\system32\atiesrxx.exe[904] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007713ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\System32\svchost.exe[988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007713ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[336] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007713ef8d 1 byte [62] .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007713ef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007713ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\system32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\system32\Dwm.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\Explorer.EXE[1600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\Explorer.EXE[1600] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007713ef8d 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\system32\taskhost.exe[1852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007713ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1976] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076f48791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f6a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759e1465 2 bytes [9E, 75] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759e14bb 2 bytes [9E, 75] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1424] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007713ef8d 1 byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 0000000100070460 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 0000000100070450 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 0000000100070370 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 0000000100070470 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000001000703e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 0000000100070320 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000001000703b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 0000000100070390 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000001000702d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 0000000100070310 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000001000703c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 0000000100070230 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 0000000100070480 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 0000000100070350 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 0000000100070290 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 0000000100070330 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 0000000100070410 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 0000000100070240 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 0000000100070250 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 0000000100070490 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 0000000100070300 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 0000000100070360 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000001000702a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000001000702c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 0000000100070380 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 0000000100070340 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 0000000100070440 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 0000000100070260 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 0000000100070270 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 0000000100070400 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 0000000100070210 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 0000000100070200 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 0000000100070420 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 0000000100070430 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\system32\taskeng.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2128] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f6a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2300] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f6a2fd 1 byte [62] .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text c:\Program Files\Bonjour\mDNSResponder.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2544] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f6a2fd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2620] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f6a2fd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2620] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072dc1a22 2 bytes [DC, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2620] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072dc1ad0 2 bytes [DC, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2620] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072dc1b08 2 bytes [DC, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2620] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072dc1bba 2 bytes [DC, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2620] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072dc1bda 2 bytes [DC, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759e1465 2 bytes [9E, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759e14bb 2 bytes [9E, 75] .text ... * 2 .text C:\Program Files (x86)\Prime95\prime95.exe[2644] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f6a2fd 1 byte [62] .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\System32\svchost.exe[2752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007713ef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2816] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f6a2fd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\system32\SearchIndexer.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077351360 5 bytes JMP 00000000774b0460 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773513b0 5 bytes JMP 00000000774b0450 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077351510 5 bytes JMP 00000000774b0370 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077351560 5 bytes JMP 00000000774b0470 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077351570 5 bytes JMP 00000000774b03e0 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077351620 5 bytes JMP 00000000774b0320 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077351650 5 bytes JMP 00000000774b03b0 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077351670 5 bytes JMP 00000000774b0390 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773516b0 5 bytes JMP 00000000774b02e0 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077351730 5 bytes JMP 00000000774b02d0 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077351750 5 bytes JMP 00000000774b0310 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077351790 5 bytes JMP 00000000774b03c0 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773517e0 5 bytes JMP 00000000774b03f0 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077351940 5 bytes JMP 00000000774b0230 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077351b00 5 bytes JMP 00000000774b0480 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077351b30 5 bytes JMP 00000000774b03a0 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077351c10 5 bytes JMP 00000000774b02f0 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077351c20 5 bytes JMP 00000000774b0350 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077351c80 5 bytes JMP 00000000774b0290 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077351d10 5 bytes JMP 00000000774b02b0 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077351d30 5 bytes JMP 00000000774b03d0 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077351d40 5 bytes JMP 00000000774b0330 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077351db0 5 bytes JMP 00000000774b0410 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077351de0 5 bytes JMP 00000000774b0240 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773520a0 5 bytes JMP 00000000774b01e0 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077352160 5 bytes JMP 00000000774b0250 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077352190 5 bytes JMP 00000000774b0490 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773521a0 5 bytes JMP 00000000774b04a0 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773521d0 5 bytes JMP 00000000774b0300 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773521e0 5 bytes JMP 00000000774b0360 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077352240 5 bytes JMP 00000000774b02a0 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077352290 5 bytes JMP 00000000774b02c0 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773522c0 5 bytes JMP 00000000774b0380 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773522d0 5 bytes JMP 00000000774b0340 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773525c0 5 bytes JMP 00000000774b0440 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773527c0 5 bytes JMP 00000000774b0260 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773527d0 5 bytes JMP 00000000774b0270 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773527e0 5 bytes JMP 00000000774b0400 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773529a0 5 bytes JMP 00000000774b01f0 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773529b0 5 bytes JMP 00000000774b0210 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077352a20 5 bytes JMP 00000000774b0200 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077352a80 5 bytes JMP 00000000774b0420 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077352a90 5 bytes JMP 00000000774b0430 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077352aa0 5 bytes JMP 00000000774b0220 .text C:\Windows\System32\svchost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077352b80 5 bytes JMP 00000000774b0280 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4852] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f6a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759e1465 2 bytes [9E, 75] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759e14bb 2 bytes [9E, 75] .text ... * 2 .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4512] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076f6a2fd 1 byte [62] .text C:\Users\mati\Desktop\gmer.exe[4368] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f6a2fd 1 byte [62] ---- EOF - GMER 2.1 ----