GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-12 03:20:18 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB Running: nkegnm4e.exe; Driver: C:\Users\HP\AppData\Local\Temp\uxrdipod.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035b3000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800035b302f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 000000014a400460 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 000000014a400450 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 000000014a400370 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 000000014a400470 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 000000014a4003e0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 000000014a400320 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 000000014a4003b0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 000000014a400390 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 000000014a4002e0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 000000014a4002d0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 000000014a400310 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 000000014a4003c0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 000000014a4003f0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 000000014a400230 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 000000014a400480 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 000000014a4003a0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 000000014a4002f0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 000000014a400350 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 000000014a400290 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 000000014a4002b0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 000000014a4003d0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 000000014a400330 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 000000014a400410 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 000000014a400240 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 000000014a4001e0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 000000014a400250 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 000000014a400490 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 000000014a4004a0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 000000014a400300 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 000000014a400360 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 000000014a4002a0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 000000014a4002c0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 000000014a400380 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 000000014a400340 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 000000014a400440 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 000000014a400260 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 000000014a400270 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 000000014a400400 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 000000014a4001f0 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 000000014a400210 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 000000014a400200 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 000000014a400420 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 000000014a400430 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 000000014a400220 .text C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 000000014a400280 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 000000014a400460 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 000000014a400450 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 000000014a400370 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 000000014a400470 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 000000014a4003e0 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 000000014a400320 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 000000014a4003b0 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 000000014a400390 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 000000014a4002e0 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 000000014a4002d0 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 000000014a400310 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 000000014a4003c0 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 000000014a4003f0 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 000000014a400230 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 000000014a400480 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 000000014a4003a0 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 000000014a4002f0 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 000000014a400350 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 000000014a400290 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 000000014a4002b0 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 000000014a4003d0 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 000000014a400330 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 000000014a400410 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 000000014a400240 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 000000014a4001e0 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 000000014a400250 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 000000014a400490 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 000000014a4004a0 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 000000014a400300 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 000000014a400360 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 000000014a4002a0 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 000000014a4002c0 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 000000014a400380 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 000000014a400340 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 000000014a400440 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 000000014a400260 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 000000014a400270 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 000000014a400400 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 000000014a4001f0 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 000000014a400210 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 000000014a400200 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 000000014a400420 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 000000014a400430 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 000000014a400220 .text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 000000014a400280 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Windows\system32\wininit.exe[628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Windows\system32\atiesrxx.exe[996] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\System32\svchost.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Windows\System32\svchost.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[804] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\Program Files\IDT\WDM\STacSV64.exe[1032] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\system32\atieclxx.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\system32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\system32\Dwm.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000100070460 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000100070450 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000100070370 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000100070470 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000001000703e0 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000100070320 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000001000703b0 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000100070390 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000001000702d0 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000100070310 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000001000703c0 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000100070230 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000100070480 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000001000703a0 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000001000702f0 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000100070350 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000100070290 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000001000702b0 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000001000703d0 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000100070330 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000100070410 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000100070240 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000100070250 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000100070490 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000100070300 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000100070360 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000001000702a0 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000001000702c0 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000100070380 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000100070340 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000100070440 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000100070260 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000100070270 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000100070400 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000100070210 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000100070200 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000100070420 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000100070430 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000100070220 .text C:\Windows\Explorer.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[1788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\spoolsv.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000100060460 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000100060370 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000100060470 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000100060320 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000100060390 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000100060310 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000100060230 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000100060480 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000100060350 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000100060290 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000100060330 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000100060250 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000100060490 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000100060200 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000100060420 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000100060430 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\taskhost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000100060280 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1616] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075198791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1616] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files\IDT\WDM\sttray64.exe[1620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\System32\igfxtray.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\System32\hkcmd.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2064] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2184] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2204] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2216] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files\IDT\WDM\AESTSr64.exe[2316] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2368] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2656] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2692] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE[2704] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[2728] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[2744] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075631465 2 bytes [63, 75] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756314bb 2 bytes [63, 75] .text ... * 2 .text C:\Program Files\AVAST Software\Avast\avastui.exe[2808] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075198791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[2808] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075631465 2 bytes [63, 75] .text C:\Program Files\AVAST Software\Avast\avastui.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756314bb 2 bytes [63, 75] .text ... * 2 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000100070460 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000100070450 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000100070370 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000100070470 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000001000703e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000100070320 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000001000703b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000100070390 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000001000702e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000001000702d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000100070310 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000001000703c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000001000703f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000100070230 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000100070480 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000001000703a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000001000702f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000100070350 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000100070290 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000001000702b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000001000703d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000100070330 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000100070410 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000100070240 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000001000701e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000100070250 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000100070490 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000001000704a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000100070300 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000100070360 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000001000702a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000001000702c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000100070380 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000100070340 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000100070440 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000100070260 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000100070270 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000100070400 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000001000701f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000100070210 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000100070200 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000100070420 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000100070430 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000100070220 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000100070280 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2960] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\ProgramData\DatacardService\DCSHelper.exe[2088] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[1756] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3228] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[3592] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3616] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3616] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075631465 2 bytes [63, 75] .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3616] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000756314bb 2 bytes [63, 75] .text ... * 2 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\system32\svchost.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\System32\svchost.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[1172] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075631465 2 bytes [63, 75] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756314bb 2 bytes [63, 75] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\system32\SearchIndexer.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[5068] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075631465 2 bytes [63, 75] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756314bb 2 bytes [63, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\system32\svchost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000077690460 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000077690450 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000077690370 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000077690470 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000000776903e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000077690320 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000000776903b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000077690390 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000000776902e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000000776902d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000077690310 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000000776903c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000000776903f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000077690230 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000077690480 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000000776903a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000000776902f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000077690350 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000077690290 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000000776902b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000000776903d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000077690330 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000077690410 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000077690240 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000000776901e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000077690250 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000077690490 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000000776904a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000077690300 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000077690360 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000000776902a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000000776902c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000077690380 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000077690340 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000077690440 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000077690260 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000077690270 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000077690400 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000000776901f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000077690210 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000077690200 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000077690420 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000077690430 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000077690220 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000077690280 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6124] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007731ef8d 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4072] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3216] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5500] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077531360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775313b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077531510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077531560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077531570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077531620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077531650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077531670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077531730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077531750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077531790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077531940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077531b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077531b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077531c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077531c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077531c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077531d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077531d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077531d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077531db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077531de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077532160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077532190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775321d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775321e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077532240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077532290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775322c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775322d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775325c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775327c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775327d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775327e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775329b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077532a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077532a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077532a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077532aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\wuauclt.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077532b80 5 bytes JMP 0000000100070280 .text C:\Users\HP\Desktop\nkegnm4e.exe[2600] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000751ba2fd 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [3772:5684] 000007fef1ab9688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c4e3fc80 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c4e3fc80@1474115f58f5 0xD5 0x9F 0x05 0x4F ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c4e3fc80@001edc9066b1 0xB4 0xD4 0x86 0x04 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c4e3fc80@001a8ab10ce4 0x41 0x0E 0x0E 0x1B ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c4e3fc80@001f5cacfe1b 0xB5 0x87 0x72 0x78 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c4e3fc80@ac81f3b2b51a 0x7A 0x5F 0x33 0xFB ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c4e3fc80@0019b74a1e33 0x6A 0xCB 0x81 0x95 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c4e3fc80@e839df59129c 0x6A 0x86 0x38 0x07 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c4e3fc80@68ed438d527e 0xB3 0x67 0x56 0x06 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE8 0xC3 0xDD 0xA7 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c4e3fc80 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c4e3fc80@1474115f58f5 0xD5 0x9F 0x05 0x4F ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c4e3fc80@001edc9066b1 0xB4 0xD4 0x86 0x04 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c4e3fc80@001a8ab10ce4 0x41 0x0E 0x0E 0x1B ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c4e3fc80@001f5cacfe1b 0xB5 0x87 0x72 0x78 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c4e3fc80@ac81f3b2b51a 0x7A 0x5F 0x33 0xFB ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c4e3fc80@0019b74a1e33 0x6A 0xCB 0x81 0x95 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c4e3fc80@e839df59129c 0x6A 0x86 0x38 0x07 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c4e3fc80@68ed438d527e 0xB3 0x67 0x56 0x06 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE8 0xC3 0xDD 0xA7 ... ---- EOF - GMER 2.1 ----