GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-29 18:37:03 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-6 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB Running: iyqzn86j.exe; Driver: C:\Users\mati\AppData\Local\Temp\ugldapob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800039aa000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff800039aa011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 000000014a5b0460 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 000000014a5b0450 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 000000014a5b0370 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 000000014a5b0470 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 000000014a5b03e0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 000000014a5b0320 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 000000014a5b03b0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 000000014a5b0390 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 000000014a5b02e0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 000000014a5b02d0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 000000014a5b0310 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 000000014a5b03c0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 000000014a5b03f0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 000000014a5b0230 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 000000014a5b0480 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 000000014a5b03a0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 000000014a5b02f0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 000000014a5b0350 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 000000014a5b0290 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 000000014a5b02b0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 000000014a5b03d0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 000000014a5b0330 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 000000014a5b0410 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 000000014a5b0240 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 000000014a5b01e0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 000000014a5b0250 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 000000014a5b0490 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 000000014a5b04a0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 000000014a5b0300 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 000000014a5b0360 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 000000014a5b02a0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 000000014a5b02c0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 000000014a5b0380 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 000000014a5b0340 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 000000014a5b0440 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 000000014a5b0260 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 000000014a5b0270 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 000000014a5b0400 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 000000014a5b01f0 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 000000014a5b0210 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 000000014a5b0200 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 000000014a5b0420 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 000000014a5b0430 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 000000014a5b0220 .text C:\Windows\system32\csrss.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 000000014a5b0280 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 000000014a5b0460 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 000000014a5b0450 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 000000014a5b0370 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 000000014a5b0470 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 000000014a5b03e0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 000000014a5b0320 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 000000014a5b03b0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 000000014a5b0390 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 000000014a5b02e0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 000000014a5b02d0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 000000014a5b0310 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 000000014a5b03c0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 000000014a5b03f0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 000000014a5b0230 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 000000014a5b0480 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 000000014a5b03a0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 000000014a5b02f0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 000000014a5b0350 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 000000014a5b0290 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 000000014a5b02b0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 000000014a5b03d0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 000000014a5b0330 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 000000014a5b0410 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 000000014a5b0240 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 000000014a5b01e0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 000000014a5b0250 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 000000014a5b0490 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 000000014a5b04a0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 000000014a5b0300 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 000000014a5b0360 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 000000014a5b02a0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 000000014a5b02c0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 000000014a5b0380 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 000000014a5b0340 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 000000014a5b0440 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 000000014a5b0260 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 000000014a5b0270 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 000000014a5b0400 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 000000014a5b01f0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 000000014a5b0210 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 000000014a5b0200 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 000000014a5b0420 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 000000014a5b0430 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 000000014a5b0220 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 000000014a5b0280 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\system32\wininit.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\system32\wininit.exe[492] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759ef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\system32\winlogon.exe[540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759ef8d 1 byte [62] .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759ef8d 1 byte [62] .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\system32\atiesrxx.exe[884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\System32\svchost.exe[968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759ef8d 1 byte [62] .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\system32\atieclxx.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\Explorer.EXE[1476] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\Explorer.EXE[1476] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759ef8d 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\System32\spoolsv.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\system32\taskhost.exe[1732] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\system32\svchost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\taskeng.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[320] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[892] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1436] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000754a8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1436] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077101465 2 bytes [10, 77] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771014bb 2 bytes [10, 77] .text ... * 2 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1348] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62] .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text c:\Program Files\Bonjour\mDNSResponder.exe[2180] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2264] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2308] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62] .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2532] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2620] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2620] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073cf1a22 2 bytes [CF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2620] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073cf1ad0 2 bytes [CF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2620] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073cf1b08 2 bytes [CF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2620] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073cf1bba 2 bytes [CF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2620] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073cf1bda 2 bytes [CF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077101465 2 bytes [10, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771014bb 2 bytes [10, 77] .text ... * 2 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\System32\svchost.exe[2764] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759ef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2856] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\system32\SearchIndexer.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000100070460 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000100070450 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000100070370 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000100070470 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000001000703e0 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000100070320 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000001000703b0 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000100070390 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000001000702d0 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000100070310 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000001000703c0 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000100070230 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000100070480 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000100070350 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000100070290 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000100070330 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000100070410 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000100070240 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000100070250 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000100070490 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000100070300 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000100070360 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000001000702a0 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000001000702c0 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000100070380 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000100070340 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000100070440 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000100070260 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000100070270 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000100070400 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000100070210 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000100070200 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000100070420 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000100070430 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\iPod\bin\iPodService.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\System32\svchost.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\system32\wbem\wmiprvse.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[2660] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776b1360 5 bytes JMP 0000000077810460 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776b13b0 5 bytes JMP 0000000077810450 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776b1510 5 bytes JMP 0000000077810370 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776b1560 5 bytes JMP 0000000077810470 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776b1570 5 bytes JMP 00000000778103e0 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776b1620 5 bytes JMP 0000000077810320 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776b1650 5 bytes JMP 00000000778103b0 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776b1670 5 bytes JMP 0000000077810390 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776b16b0 5 bytes JMP 00000000778102e0 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776b1730 5 bytes JMP 00000000778102d0 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776b1750 5 bytes JMP 0000000077810310 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776b1790 5 bytes JMP 00000000778103c0 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776b17e0 5 bytes JMP 00000000778103f0 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776b1940 5 bytes JMP 0000000077810230 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776b1b00 5 bytes JMP 0000000077810480 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776b1b30 5 bytes JMP 00000000778103a0 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776b1c10 5 bytes JMP 00000000778102f0 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776b1c20 5 bytes JMP 0000000077810350 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776b1c80 5 bytes JMP 0000000077810290 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776b1d10 5 bytes JMP 00000000778102b0 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776b1d30 5 bytes JMP 00000000778103d0 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776b1d40 5 bytes JMP 0000000077810330 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776b1db0 5 bytes JMP 0000000077810410 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776b1de0 5 bytes JMP 0000000077810240 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776b20a0 5 bytes JMP 00000000778101e0 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776b2160 5 bytes JMP 0000000077810250 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776b2190 5 bytes JMP 0000000077810490 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776b21a0 5 bytes JMP 00000000778104a0 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776b21d0 5 bytes JMP 0000000077810300 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776b21e0 5 bytes JMP 0000000077810360 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776b2240 5 bytes JMP 00000000778102a0 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776b2290 5 bytes JMP 00000000778102c0 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776b22c0 5 bytes JMP 0000000077810380 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776b22d0 5 bytes JMP 0000000077810340 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776b25c0 5 bytes JMP 0000000077810440 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776b27c0 5 bytes JMP 0000000077810260 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776b27d0 5 bytes JMP 0000000077810270 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776b27e0 5 bytes JMP 0000000077810400 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776b29a0 5 bytes JMP 00000000778101f0 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776b29b0 5 bytes JMP 0000000077810210 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776b2a20 5 bytes JMP 0000000077810200 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776b2a80 5 bytes JMP 0000000077810420 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776b2a90 5 bytes JMP 0000000077810430 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776b2aa0 5 bytes JMP 0000000077810220 .text C:\Windows\system32\AUDIODG.EXE[5680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776b2b80 5 bytes JMP 0000000077810280 .text C:\Users\mati\Desktop\Logi\iyqzn86j.exe[5136] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\CISVC.EXE [2388:2436] 000007fefe22a808 ---- Processes - GMER 2.1 ---- Library C:\Users\mati\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1476] (GG drive menu/GG Network S.A.)(2013- 000000005ff80000 ---- EOF - GMER 2.1 ----