GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-19 19:26:46 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500LT012-9WS142 rev.0001LVM1 465,76GB Running: 6rfyjodq.exe; Driver: C:\Users\KOMPUT~1\AppData\Local\Temp\pgddqpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 000000014a590460 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 000000014a590450 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 000000014a590370 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 000000014a590470 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 000000014a5903e0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 000000014a590320 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 000000014a5903b0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 000000014a590390 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 000000014a5902e0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 000000014a5902d0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 000000014a590310 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 000000014a5903c0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 000000014a5903f0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 000000014a590230 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0xffffffffd2fde890} .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 000000014a590480 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 000000014a5903a0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 000000014a5902f0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 000000014a590350 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 000000014a590290 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 000000014a5902b0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 000000014a5903d0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 000000014a590330 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0xffffffffd2fde590} .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 000000014a590410 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 000000014a590240 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 000000014a5901e0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 000000014a590250 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0xffffffffd2fde090} .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 000000014a590490 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 000000014a5904a0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 000000014a590300 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 000000014a590360 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 000000014a5902a0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 000000014a5902c0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 000000014a590380 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 000000014a590340 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 000000014a590440 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 000000014a590260 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 000000014a590270 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 000000014a590400 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 000000014a5901f0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 000000014a590210 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 000000014a590200 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 000000014a590420 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 000000014a590430 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 000000014a590220 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 000000014a590280 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\system32\wininit.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\system32\wininit.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 000000014a590460 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 000000014a590450 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 000000014a590370 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 000000014a590470 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 000000014a5903e0 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 000000014a590320 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 000000014a5903b0 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 000000014a590390 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 000000014a5902e0 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 000000014a5902d0 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 000000014a590310 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 000000014a5903c0 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 000000014a5903f0 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 000000014a590230 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0xffffffffd2fde890} .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 000000014a590480 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 000000014a5903a0 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 000000014a5902f0 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 000000014a590350 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 000000014a590290 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 000000014a5902b0 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 000000014a5903d0 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 000000014a590330 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0xffffffffd2fde590} .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 000000014a590410 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 000000014a590240 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 000000014a5901e0 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 000000014a590250 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0xffffffffd2fde090} .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 000000014a590490 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 000000014a5904a0 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 000000014a590300 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 000000014a590360 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 000000014a5902a0 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 000000014a5902c0 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 000000014a590380 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 000000014a590340 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 000000014a590440 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 000000014a590260 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 000000014a590270 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 000000014a590400 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 000000014a5901f0 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 000000014a590210 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 000000014a590200 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 000000014a590420 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 000000014a590430 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 000000014a590220 .text C:\Windows\system32\csrss.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 000000014a590280 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\system32\services.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\system32\services.exe[752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\system32\winlogon.exe[788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\system32\lsass.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\system32\lsm.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\system32\svchost.exe[932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\system32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\System32\svchost.exe[584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\System32\svchost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\System32\svchost.exe[632] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0xffffffff88abe890} .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0xffffffff88abe590} .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0xffffffff88abe090} .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[652] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0xffffffff88abe890} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0xffffffff88abe590} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0xffffffff88abe090} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\system32\WLANExt.exe[1324] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\system32\Dwm.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\Explorer.EXE[1452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\Explorer.EXE[1452] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\System32\spoolsv.exe[1728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0xffffffff88abe890} .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0xffffffff88abe590} .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0xffffffff88abe090} .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1756] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\system32\taskhost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769aa322 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[1992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\System32\rundll32.exe[2000] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\System32\hkcmd.exe[2024] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1848] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769aa322 1 byte [62] .text C:\Windows\System32\igfxpers.exe[1368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2140] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2512] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\system32\svchost.exe[2696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\system32\svchost.exe[2720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000100070460 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000100070450 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000100070370 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000100070470 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000001000703e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000100070320 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000001000703b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000100070390 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000001000702e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000001000702d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000100070310 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000001000703c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000001000703f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000100070230 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0xffffffff88abe890} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000100070480 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000001000703a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000001000702f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000100070350 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000100070290 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000001000702b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000001000703d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000100070330 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0xffffffff88abe590} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000100070410 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000100070240 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000001000701e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000100070250 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0xffffffff88abe090} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000100070490 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000001000704a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000100070300 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000100070360 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000001000702a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000001000702c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000100070380 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000100070340 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000100070440 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000100070260 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000100070270 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000100070400 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000001000701f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000100070210 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000100070200 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000100070420 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000100070430 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000100070220 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000100070280 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[2888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3004] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769aa322 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3324] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769aa322 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3376] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769aa322 1 byte [62] .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\system32\svchost.exe[3564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3644] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769aa322 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0xffffffff88abe890} .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0xffffffff88abe590} .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0xffffffff88abe090} .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\SearchIndexer.exe[2664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3948] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769aa322 1 byte [62] .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3948] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076571465 2 bytes [57, 76] .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3948] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000765714bb 2 bytes [57, 76] .text ... * 2 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\System32\svchost.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\system32\wbem\wmiprvse.exe[4996] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\system32\wbem\wmiprvse.exe[5004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4224] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769aa322 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076571465 2 bytes [57, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765714bb 2 bytes [57, 76] .text ... * 2 .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4236] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769aa322 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1440] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769aa322 1 byte [62] .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\System32\svchost.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710460 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710450 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710470 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710480 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 0000000077710490 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104a0 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710440 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Windows\system32\AUDIODG.EXE[5612] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Users\komputerek\Desktop\6rfyjodq.exe[5580] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769aa322 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\Explorer.EXE [1452:1576] 000000005c158e00 Thread C:\Windows\Explorer.EXE [1452:1544] 000007fefa312154 Thread C:\Windows\Explorer.EXE [1452:2372] 000007fefc316204 Thread C:\Windows\Explorer.EXE [1452:3620] 000007fef4152118 Thread C:\Windows\Explorer.EXE [1452:3880] 000007fefa2d2f9c Thread C:\Windows\Explorer.EXE [1452:5628] 000007fef3451ebc Thread C:\Windows\Explorer.EXE [1452:5840] 000007fef9b01010 ---- Processes - GMER 2.1 ---- Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948] (Python Core/Python Software Foundation)(2014-09-19 15:56:37) 000000001e000000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:29) 000000001e8c0000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:37) 000000001e7a0000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:20) 0000000001f50000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:29) 0000000000280000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:37) 0000000010000000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:28) 000000001e800000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:36) 00000000020a0000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:24) 0000000002f80000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948] (wxWidgets for MSW/wxWidgets development team)(2014-09-19 15:56:37) 00000000030b0000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948] (wxWidgets for MSW/wxWidgets development team)(2014-09-19 15:56:37) 0000000000310000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948] (wxWidgets for MSW/wxWidgets development team)(2014-09-19 15:56:37) 00000000032a0000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948] (wxWidgets for MSW/wxWidgets development team)(2014-09-19 15:56:37) 0000000003740000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:37) 0000000003980000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:36) 0000000004300000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948] (wxWidgets for MSW/wxWidgets development team)(2014-09-19 15:56:37) 0000000003a50000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:31) 00000000045f0000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:20) 0000000004700000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:29) 000000001d100000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:29) 00000000005d0000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:28) 00000000043d0000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\hashobjs_ext.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:37) 00000000005a0000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:29) 000000001d1a0000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:29) 000000001ea10000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:29) 000000001ec80000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:29) 000000001e9b0000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:29) 000000001eaa0000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:36) 0000000000600000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948] (wxWidgets for MSW/wxWidgets development team)(2014-09-19 15:56:37) 00000000027f0000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\win32gui.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:29) 000000001ea40000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:19) 000000001e980000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:37) 0000000002850000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:29) 0000000005920000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:19) 00000000058c0000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:29) 0000000005890000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:36) 000000001eb90000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:36) 000000001eb60000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:19) 000000001ebf0000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:29) 000000001ec20000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:26) 000000001ed40000 Library C:\Users\KOMPUT~1\AppData\Local\Temp\_MEI29122\wx._animate.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3948](2014-09-19 15:56:20) 00000000058f0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\681729efb3ba Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\681729efb3ba (not active ControlSet) ---- EOF - GMER 2.1 ----