GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-12-04 21:29:33 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000070 WDC_WD10 rev.01.0 931,51GB Running: l2zi8l1d.exe; Driver: C:\Users\Kordian\AppData\Local\Temp\pwdcipob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 000000014a250460 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 000000014a250450 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 000000014a250370 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 000000014a250470 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 000000014a2503e0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 000000014a250320 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 000000014a2503b0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 000000014a250390 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 000000014a2502e0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 000000014a2502d0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 000000014a250310 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 000000014a2503c0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 000000014a2503f0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 000000014a250230 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 000000014a250480 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 000000014a2503a0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 000000014a2502f0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 000000014a250350 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 000000014a250290 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 000000014a2502b0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 000000014a2503d0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 000000014a250330 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 000000014a250410 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 000000014a250240 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 000000014a2501e0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 000000014a250250 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 000000014a250490 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 000000014a2504a0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 000000014a250300 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 000000014a250360 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 000000014a2502a0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 000000014a2502c0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 000000014a250380 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 000000014a250340 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 000000014a250440 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 000000014a250260 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 000000014a250270 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 000000014a250400 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 000000014a2501f0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 000000014a250210 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 000000014a250200 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 000000014a250420 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 000000014a250430 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 000000014a250220 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 000000014a250280 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\wininit.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\system32\wininit.exe[712] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 000000014a250460 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 000000014a250450 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 000000014a250370 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 000000014a250470 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 000000014a2503e0 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 000000014a250320 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 000000014a2503b0 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 000000014a250390 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 000000014a2502e0 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 000000014a2502d0 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 000000014a250310 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 000000014a2503c0 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 000000014a2503f0 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 000000014a250230 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 000000014a250480 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 000000014a2503a0 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 000000014a2502f0 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 000000014a250350 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 000000014a250290 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 000000014a2502b0 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 000000014a2503d0 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 000000014a250330 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 000000014a250410 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 000000014a250240 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 000000014a2501e0 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 000000014a250250 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 000000014a250490 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 000000014a2504a0 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 000000014a250300 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 000000014a250360 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 000000014a2502a0 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 000000014a2502c0 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 000000014a250380 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 000000014a250340 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 000000014a250440 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 000000014a250260 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 000000014a250270 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 000000014a250400 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 000000014a2501f0 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 000000014a250210 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 000000014a250200 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 000000014a250420 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 000000014a250430 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 000000014a250220 .text C:\Windows\system32\csrss.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 000000014a250280 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\system32\services.exe[768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\lsass.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\system32\atiesrxx.exe[452] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\System32\svchost.exe[1060] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\AUDIODG.EXE[1232] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\atieclxx.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\system32\WLANExt.exe[1540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\svchost.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1940] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe[1208] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2208] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2216] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2336] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\Dwm.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000100060460 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000100060370 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000100060470 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000100060320 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000100060390 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000100060310 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000100060230 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000100060480 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000100060350 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000100060290 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000100060330 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000100060250 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000100060490 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000100060200 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000100060420 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000100060430 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\taskhost.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000100060280 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\Explorer.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\Explorer.EXE[2680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2016] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075621465 2 bytes [62, 75] .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756214bb 2 bytes [62, 75] .text ... * 2 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000100070460 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000100070370 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000100070470 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000100070320 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000100070390 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000100070310 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000100070230 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000100070250 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000100070490 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe[2108] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Windows\SysWOW64\MSIService.exe[2552] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[2476] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[2892] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\SysWOW64\WSOCK32.dll!recv + 83 0000000074d117fb 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 89 0000000074d11861 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 99 0000000074d11943 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 110 0000000074d1194e 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrB.exe[2688] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrB.exe[2688] C:\Windows\SysWOW64\WSOCK32.dll!recv + 83 0000000074d117fb 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrB.exe[2688] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 89 0000000074d11861 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrB.exe[2688] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 99 0000000074d11943 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrB.exe[2688] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 110 0000000074d1194e 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrB.exe[2688] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075621465 2 bytes [62, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[2688] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000756214bb 2 bytes [62, 75] .text ... * 2 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000100070460 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000100070370 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000100070470 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000100070320 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000100070390 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000100070310 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000100070230 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000100070250 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000100070490 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\svchost.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3244] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3252] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3260] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe[3280] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075621465 2 bytes [62, 75] .text C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756214bb 2 bytes [62, 75] .text ... * 2 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Program Files\Windows Sidebar\sidebar.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Users\Kordian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3352] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Users\Kordian\AppData\Local\FluxSoftware\Flux\flux.exe[3464] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Users\Kordian\AppData\Local\FluxSoftware\Flux\flux.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075621465 2 bytes [62, 75] .text C:\Users\Kordian\AppData\Local\FluxSoftware\Flux\flux.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756214bb 2 bytes [62, 75] .text ... * 2 .text C:\Users\Kordian\AppData\Roaming\Dropbox\bin\Dropbox.exe[3492] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Users\Kordian\AppData\Roaming\Dropbox\bin\Dropbox.exe[3492] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075621465 2 bytes [62, 75] .text C:\Users\Kordian\AppData\Roaming\Dropbox\bin\Dropbox.exe[3492] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000756214bb 2 bytes [62, 75] .text ... * 2 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\system32\RunDll32.exe[3508] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4036] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077378791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4036] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075621465 2 bytes [62, 75] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756214bb 2 bytes [62, 75] .text ... * 2 .text C:\Program Files (x86)\MSI\SUPER CHARGER\Super Charger.exe[4064] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4072] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[4004] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075621465 2 bytes [62, 75] .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756214bb 2 bytes [62, 75] .text ... * 2 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4504] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075621465 2 bytes [62, 75] .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756214bb 2 bytes [62, 75] .text ... * 2 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 00000001001f0460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 00000001001f0450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 00000001001f0370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 00000001001f0470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000001001f03e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 00000001001f0320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000001001f03b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 00000001001f0390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000001001f02e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000001001f02d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 00000001001f0310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000001001f03c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000001001f03f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 00000001001f0230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 00000001001f0480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000001001f03a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000001001f02f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 00000001001f0350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 00000001001f0290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000001001f02b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000001001f03d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 00000001001f0330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 00000001001f0410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 00000001001f0240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000001001f01e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 00000001001f0250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 00000001001f0490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000001001f04a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 00000001001f0300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 00000001001f0360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000001001f02a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000001001f02c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 00000001001f0380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 00000001001f0340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 00000001001f0440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 00000001001f0260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 00000001001f0270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 00000001001f0400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000001001f01f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 00000001001f0210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 00000001001f0200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 00000001001f0420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 00000001001f0430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 00000001001f0220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 00000001001f0280 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\SearchIndexer.exe[776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\svchost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\system32\wbem\unsecapp.exe[7976] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\wbem\wmiprvse.exe[8176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776e1360 5 bytes JMP 0000000077840460 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776e13b0 5 bytes JMP 0000000077840450 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776e1510 5 bytes JMP 0000000077840370 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776e1560 5 bytes JMP 0000000077840470 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776e1570 5 bytes JMP 00000000778403e0 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776e1620 5 bytes JMP 0000000077840320 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776e1650 5 bytes JMP 00000000778403b0 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776e1670 5 bytes JMP 0000000077840390 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776e16b0 5 bytes JMP 00000000778402e0 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776e1730 5 bytes JMP 00000000778402d0 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776e1750 5 bytes JMP 0000000077840310 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776e1790 5 bytes JMP 00000000778403c0 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776e17e0 5 bytes JMP 00000000778403f0 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776e1940 5 bytes JMP 0000000077840230 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776e1b00 5 bytes JMP 0000000077840480 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776e1b30 5 bytes JMP 00000000778403a0 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776e1c10 5 bytes JMP 00000000778402f0 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776e1c20 5 bytes JMP 0000000077840350 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776e1c80 5 bytes JMP 0000000077840290 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776e1d10 5 bytes JMP 00000000778402b0 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776e1d30 5 bytes JMP 00000000778403d0 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776e1d40 5 bytes JMP 0000000077840330 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776e1db0 5 bytes JMP 0000000077840410 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776e1de0 5 bytes JMP 0000000077840240 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776e20a0 5 bytes JMP 00000000778401e0 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776e2160 5 bytes JMP 0000000077840250 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776e2190 5 bytes JMP 0000000077840490 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776e21a0 5 bytes JMP 00000000778404a0 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776e21d0 5 bytes JMP 0000000077840300 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776e21e0 5 bytes JMP 0000000077840360 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776e2240 5 bytes JMP 00000000778402a0 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776e2290 5 bytes JMP 00000000778402c0 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776e22c0 5 bytes JMP 0000000077840380 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776e22d0 5 bytes JMP 0000000077840340 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776e25c0 5 bytes JMP 0000000077840440 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776e27c0 5 bytes JMP 0000000077840260 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776e27d0 5 bytes JMP 0000000077840270 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776e27e0 5 bytes JMP 0000000077840400 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776e29a0 5 bytes JMP 00000000778401f0 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776e29b0 5 bytes JMP 0000000077840210 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776e2a20 5 bytes JMP 0000000077840200 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776e2a80 5 bytes JMP 0000000077840420 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776e2a90 5 bytes JMP 0000000077840430 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776e2aa0 5 bytes JMP 0000000077840220 .text C:\Windows\System32\svchost.exe[9128] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776e2b80 5 bytes JMP 0000000077840280 .text E:\Pobieranie Chrome\SecurityCheck.exe[7604] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] .text E:\Pobieranie Chrome\l2zi8l1d.exe[6188] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007739a2fd 1 byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fee886741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fee8865f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fee8865674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fee8865e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fee8867f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fee8866a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fee8866ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fee8867b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fee8867ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fee88678b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fee8864fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fee8865d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5904] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fee8867584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [4232:5116] 000007fedf1a9688 ---- Processes - GMER 2.1 ---- Process C:\Users\Kordian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (*** suspicious ***) @ C:\Users\Kordian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [3352] (SpotifyWebHelper/Spotify Ltd)(2014-07-18 07:27:11) 0000000000400000 Library C:\Users\Kordian\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Kordian\AppData\Roaming\Dropbox\bin\Dropbox.exe [3492](2014-11-13 06:49:58) 0000000003fc0000 Library c:\users\kordian\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgb0zdf.dll (*** suspicious ***) @ C:\Users\Kordian\AppData\Roaming\Dropbox\bin\Dropbox.exe [3492](2014-12-04 18:44:09) 0000000002360000 Library C:\Users\Kordian\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Kordian\AppData\Roaming\Dropbox\bin\Dropbox.exe [3492](2013-08-23 19:01:44) 000000005a5d0000 Library C:\Users\Kordian\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Kordian\AppData\Roaming\Dropbox\bin\Dropbox.exe [3492] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 0000000059c40000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\54271e77451b Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\54271e77451b (not active ControlSet) ---- EOF - GMER 2.1 ----