GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-06-02 20:33:41 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST1000LM014-SSHD-8GB rev.LVD3 931,51GB Running: xfs5h93o.exe; Driver: C:\Users\Jarek\AppData\Local\Temp\kwddykog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000149a80460 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000149a80450 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000149a80370 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000149a80470 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000149a803e0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000149a80320 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000149a803b0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000149a80390 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000149a802e0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000149a802d0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000149a80310 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000149a803c0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000149a803f0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000149a80230 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000149a80480 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000149a803a0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000149a802f0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000149a80350 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000149a80290 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000149a802b0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000149a803d0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000149a80330 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000149a80410 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000149a80240 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000149a801e0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000149a80250 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000149a80490 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000149a804a0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000149a80300 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000149a80360 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000149a802a0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000149a802c0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000149a80380 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000149a80340 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000149a80440 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000149a80260 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000149a80270 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000149a80400 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000149a801f0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000149a80210 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000149a80200 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000149a80420 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000149a80430 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000149a80220 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000149a80280 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\wininit.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\system32\wininit.exe[800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000149a80460 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000149a80450 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000149a80370 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000149a80470 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000149a803e0 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000149a80320 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000149a803b0 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000149a80390 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000149a802e0 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000149a802d0 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000149a80310 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000149a803c0 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000149a803f0 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000149a80230 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000149a80480 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000149a803a0 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000149a802f0 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000149a80350 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000149a80290 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000149a802b0 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000149a803d0 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000149a80330 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000149a80410 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000149a80240 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000149a801e0 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000149a80250 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000149a80490 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000149a804a0 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000149a80300 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000149a80360 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000149a802a0 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000149a802c0 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000149a80380 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000149a80340 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000149a80440 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000149a80260 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000149a80270 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000149a80400 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000149a801f0 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000149a80210 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000149a80200 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000149a80420 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000149a80430 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000149a80220 .text C:\Windows\system32\csrss.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000149a80280 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\services.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\services.exe[872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\lsass.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\lsm.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\system32\nvvsvc.exe[608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\System32\svchost.exe[540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[432] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\WLANExt.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\Dwm.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\System32\spoolsv.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\Explorer.EXE[1980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\Explorer.EXE[1980] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text d:\Program Files\AVAST Software\Avast\afwServ.exe[996] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000774c8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text d:\Program Files\AVAST Software\Avast\afwServ.exe[996] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000774ea2fd 1 byte [62] .text d:\Program Files\AVAST Software\Avast\afwServ.exe[996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76] .text d:\Program Files\AVAST Software\Avast\afwServ.exe[996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76] .text ... * 2 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000100060460 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000100060370 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000100060470 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000100060320 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000100060390 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000100060310 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000100060230 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000100060480 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000100060350 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000100060290 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000100060330 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000100060250 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000100060490 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000100060200 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000100060420 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000100060430 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\taskhost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000100060280 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2292] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000774ea2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2352] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2560] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\System32\rundll32.exe[2960] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2772] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3080] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000774ea2fd 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\wbem\wmiprvse.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\wbem\wmiprvse.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4016] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files\Elantech\ETDCtrl.exe[4036] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files\Windows Sidebar\sidebar.exe[4044] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[1628] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text D:\Program Files\AVAST Software\Avast\avastui.exe[1368] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000774c8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text D:\Program Files\AVAST Software\Avast\avastui.exe[1368] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000774ea2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3360] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000774ea2fd 1 byte [62] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[3528] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000774ea2fd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\SearchIndexer.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\igfxHK.exe[3568] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\system32\igfxEM.exe[1188] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\svchost.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files\Elantech\ETDIntelligent.exe[4480] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\System32\svchost.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4904] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000100060460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000100060450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000100060370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000100060470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 00000001000603e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000100060320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 00000001000603b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000100060390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 00000001000602e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 00000001000602d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000100060310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 00000001000603c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 00000001000603f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000100060230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000100060480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 00000001000603a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 00000001000602f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000100060350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000100060290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 00000001000602b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 00000001000603d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000100060330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000100060410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000100060240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 00000001000601e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000100060250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000100060490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 00000001000604a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000100060300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000100060360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 00000001000602a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 00000001000602c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000100060380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000100060340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000100060440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000100060260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000100060270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000100060400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 00000001000601f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000100060210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000100060200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000100060420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000100060430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000100060220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000100060280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\system32\conhost.exe[4932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[6140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[5400] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000100070460 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000100070450 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000100070370 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000100070470 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 00000001000703e0 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000100070320 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 00000001000703b0 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000100070390 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 00000001000702d0 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000100070310 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 00000001000703c0 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000100070230 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000100070480 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000100070350 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000100070290 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000100070330 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000100070410 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000100070240 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000100070250 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000100070490 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000100070300 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000100070360 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 00000001000702a0 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 00000001000702c0 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000100070380 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000100070340 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000100070440 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000100070260 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000100070270 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000100070400 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000100070210 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000100070200 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000100070420 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000100070430 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\notepad.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000100070280 .text C:\Windows\notepad.exe[2780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000779d1360 5 bytes JMP 0000000077b30460 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779d13b0 5 bytes JMP 0000000077b30450 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779d1510 5 bytes JMP 0000000077b30370 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000779d1560 5 bytes JMP 0000000077b30470 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779d1570 5 bytes JMP 0000000077b303e0 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000779d1620 5 bytes JMP 0000000077b30320 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000779d1650 5 bytes JMP 0000000077b303b0 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000779d1670 5 bytes JMP 0000000077b30390 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779d16b0 5 bytes JMP 0000000077b302e0 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000779d1730 5 bytes JMP 0000000077b302d0 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000779d1750 5 bytes JMP 0000000077b30310 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000779d1790 5 bytes JMP 0000000077b303c0 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779d17e0 5 bytes JMP 0000000077b303f0 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000779d1940 5 bytes JMP 0000000077b30230 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779d1b00 5 bytes JMP 0000000077b30480 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000779d1b30 5 bytes JMP 0000000077b303a0 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000779d1c10 5 bytes JMP 0000000077b302f0 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000779d1c20 5 bytes JMP 0000000077b30350 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000779d1c80 5 bytes JMP 0000000077b30290 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000779d1d10 5 bytes JMP 0000000077b302b0 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000779d1d30 5 bytes JMP 0000000077b303d0 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000779d1d40 5 bytes JMP 0000000077b30330 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779d1db0 5 bytes JMP 0000000077b30410 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779d1de0 5 bytes JMP 0000000077b30240 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779d20a0 5 bytes JMP 0000000077b301e0 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000779d2160 5 bytes JMP 0000000077b30250 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000779d2190 5 bytes JMP 0000000077b30490 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779d21a0 5 bytes JMP 0000000077b304a0 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779d21d0 5 bytes JMP 0000000077b30300 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779d21e0 5 bytes JMP 0000000077b30360 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000779d2240 5 bytes JMP 0000000077b302a0 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000779d2290 5 bytes JMP 0000000077b302c0 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779d22c0 5 bytes JMP 0000000077b30380 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779d22d0 5 bytes JMP 0000000077b30340 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779d25c0 5 bytes JMP 0000000077b30440 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779d27c0 5 bytes JMP 0000000077b30260 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779d27d0 5 bytes JMP 0000000077b30270 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779d27e0 5 bytes JMP 0000000077b30400 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779d29a0 5 bytes JMP 0000000077b301f0 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779d29b0 5 bytes JMP 0000000077b30210 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000779d2a20 5 bytes JMP 0000000077b30200 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000779d2a80 5 bytes JMP 0000000077b30420 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000779d2a90 5 bytes JMP 0000000077b30430 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000779d2aa0 5 bytes JMP 0000000077b30220 .text C:\Windows\notepad.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000779d2b80 5 bytes JMP 0000000077b30280 .text C:\Windows\notepad.exe[3812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000777bef8d 1 byte [62] .text C:\Users\Jarek\Desktop\czyszczenie\xfs5h93o.exe[1052] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000774ea2fd 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [6076:5376] 000007fedd669688 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----