GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-03-08 05:49:58 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\00000084 ST950032 rev.0003 465,76GB Running: 2qr57phw.exe; Driver: C:\Users\KARINA~1\AppData\Local\Temp\pwtdqpod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000149b50460 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000149b50450 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000149b50370 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000149b50470 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 0000000149b503e0 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000149b50320 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 0000000149b503b0 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000149b50390 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 0000000149b502e0 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 0000000149b502d0 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000149b50310 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 0000000149b503c0 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 0000000149b503f0 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000149b50230 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000149b50480 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 0000000149b503a0 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 0000000149b502f0 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000149b50350 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000149b50290 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 0000000149b502b0 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 0000000149b503d0 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000149b50330 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000149b50410 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000149b50240 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 0000000149b501e0 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000149b50250 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000149b50490 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 0000000149b504a0 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000149b50300 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000149b50360 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 0000000149b502a0 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 0000000149b502c0 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000149b50380 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000149b50340 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000149b50440 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000149b50260 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000149b50270 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000149b50400 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 0000000149b501f0 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000149b50210 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000149b50200 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000149b50420 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000149b50430 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000149b50220 .text C:\Windows\system32\csrss.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000149b50280 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\wininit.exe[508] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000149b50460 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000149b50450 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000149b50370 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000149b50470 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 0000000149b503e0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000149b50320 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 0000000149b503b0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000149b50390 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 0000000149b502e0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 0000000149b502d0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000149b50310 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 0000000149b503c0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 0000000149b503f0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000149b50230 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000149b50480 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 0000000149b503a0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 0000000149b502f0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000149b50350 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000149b50290 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 0000000149b502b0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 0000000149b503d0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000149b50330 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000149b50410 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000149b50240 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 0000000149b501e0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000149b50250 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000149b50490 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 0000000149b504a0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000149b50300 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000149b50360 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 0000000149b502a0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 0000000149b502c0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000149b50380 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000149b50340 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000149b50440 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000149b50260 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000149b50270 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000149b50400 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 0000000149b501f0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000149b50210 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000149b50200 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000149b50420 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000149b50430 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000149b50220 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000149b50280 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\services.exe[564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\lsass.exe[600] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\svchost.exe[768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\nvvsvc.exe[844] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\System32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\System32\svchost.exe[988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\System32\svchost.exe[108] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\svchost.exe[344] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\AUDIODG.EXE[544] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\nvvsvc.exe[1108] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\FBAgent.exe[1376] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1400] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1448] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\Dwm.exe[1556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\Explorer.EXE[1580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\Explorer.EXE[1580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\taskeng.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\taskhost.exe[1788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\ProgramData\DatacardService\DCSHelper.exe[1056] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1280] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1120] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1272] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2004] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\taskeng.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\SysWOW64\ACEngSvr.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe[2720] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2748] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Windows\SysWOW64\nvSCPAPISvr.exe[2792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[2832] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2876] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\AsScrPro.exe[2472] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Windows\AsScrPro.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075701465 2 bytes [70, 75] .text C:\Windows\AsScrPro.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757014bb 2 bytes [70, 75] .text ... * 2 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2108] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2072] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\svchost.exe[3232] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\System32\WUDFHost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\svchost.exe[3428] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3768] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Program Files\Elantech\ETDCtrl.exe[3796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3820] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[3832] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075701465 2 bytes [70, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757014bb 2 bytes [70, 75] .text ... * 2 .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[3920] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[3920] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075b82c91 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075701465 2 bytes [70, 75] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757014bb 2 bytes [70, 75] .text ... * 2 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Program Files\Windows Sidebar\sidebar.exe[3952] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1276] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\SearchIndexer.exe[3524] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2228] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1208] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2732] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[148] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[3868] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe[4652] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe[4652] C:\Program Files (x86)\Common Files\SYSTEM\MSMAPI\1045\MSMAPI32.DLL!HrDispatchNotifications@4 + 112 0000000073d71b80 4 bytes [5D, AC, 91, A8] ? C:\Windows\system32\mssprxy.dll [4652] entry point in ".rdata" section 0000000073c571e6 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\System32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Windows\System32\svchost.exe[452] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe[2428] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] .text C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075701465 2 bytes [70, 75] .text C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757014bb 2 bytes [70, 75] .text ... * 2 .text C:\Windows\system32\wbem\wmiprvse.exe[3244] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d4f1fd 1 byte [62] .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007741f760 5 bytes JMP 0000000077580460 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007741f7b0 5 bytes JMP 0000000077580450 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007741f910 5 bytes JMP 0000000077580370 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007741f960 5 bytes JMP 0000000077580470 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007741f970 5 bytes JMP 00000000775803e0 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007741fa20 5 bytes JMP 0000000077580320 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007741fa50 5 bytes JMP 00000000775803b0 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007741fa70 5 bytes JMP 0000000077580390 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007741fab0 5 bytes JMP 00000000775802e0 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007741fb30 5 bytes JMP 00000000775802d0 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007741fb50 5 bytes JMP 0000000077580310 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007741fb90 5 bytes JMP 00000000775803c0 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007741fbe0 5 bytes JMP 00000000775803f0 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007741fd40 5 bytes JMP 0000000077580230 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007741ff00 5 bytes JMP 0000000077580480 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007741ff30 5 bytes JMP 00000000775803a0 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077420010 5 bytes JMP 00000000775802f0 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077420020 5 bytes JMP 0000000077580350 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077420080 5 bytes JMP 0000000077580290 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077420110 5 bytes JMP 00000000775802b0 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077420130 5 bytes JMP 00000000775803d0 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077420140 5 bytes JMP 0000000077580330 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774201b0 5 bytes JMP 0000000077580410 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774201e0 5 bytes JMP 0000000077580240 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774204a0 5 bytes JMP 00000000775801e0 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077420560 5 bytes JMP 0000000077580250 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077420590 5 bytes JMP 0000000077580490 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774205a0 5 bytes JMP 00000000775804a0 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774205d0 5 bytes JMP 0000000077580300 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774205e0 5 bytes JMP 0000000077580360 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077420640 5 bytes JMP 00000000775802a0 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077420690 5 bytes JMP 00000000775802c0 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774206c0 5 bytes JMP 0000000077580380 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774206d0 5 bytes JMP 0000000077580340 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774209c0 5 bytes JMP 0000000077580440 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077420bc0 5 bytes JMP 0000000077580260 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077420bd0 5 bytes JMP 0000000077580270 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077420be0 5 bytes JMP 0000000077580400 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077420da0 5 bytes JMP 00000000775801f0 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077420db0 5 bytes JMP 0000000077580210 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077420e20 5 bytes JMP 0000000077580200 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077420e80 5 bytes JMP 0000000077580420 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077420e90 5 bytes JMP 0000000077580430 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077420ea0 5 bytes JMP 0000000077580220 .text C:\Windows\system32\wuauclt.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077420f80 5 bytes JMP 0000000077580280 .text C:\Users\Karina B\Downloads\2qr57phw.exe[1184] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007558b0c5 1 byte [62] ---- Processes - GMER 2.1 ---- Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1580] (GG drive overlay/GG Network S.A.)(2012-10-19 16:20:57) 000000005c080000 Library C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2720](2013-03-10 15:38:45) 000000006fbc0000 Library C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2720](2013-03-10 15:38:45) 000000006e940000 Library C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2720](2013-03-10 15:38:45) 000000006a1c0000 Library C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2720](2013-03-10 15:38:45) 000000006ff00000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ???s?????????????????z???s???????????????????n??? ???????u?????n %????????????????????????????????????????X??????????????d??system32\DRIVERS\intelppm.sys?ntelppm.sys?????????????????????