GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-05 13:40:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-4 ST3000DM001-1E6166 rev.CC45 2794,52GB
Running: vl2x97y1.exe; Driver: C:\Users\Shelim\AppData\Local\Temp\fxldypoc.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\drivers\USBPORT.SYS!DllUnload                                                                                         fffff88004639d64 12 bytes {MOV RAX, 0xfffffa800cb442a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                   00000000772b1360 5 bytes JMP 0000000149f10460
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                            00000000772b13b0 5 bytes JMP 0000000149f10450
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                            00000000772b1510 5 bytes JMP 0000000149f10370
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                 00000000772b1560 5 bytes JMP 0000000149f10470
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                       00000000772b1570 5 bytes JMP 0000000149f103e0
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                            00000000772b1620 5 bytes JMP 0000000149f10320
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                     00000000772b1650 5 bytes JMP 0000000149f103b0
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                        00000000772b1670 5 bytes JMP 0000000149f10390
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                              00000000772b16b0 5 bytes JMP 0000000149f102e0
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                            00000000772b1730 5 bytes JMP 0000000149f102d0
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                          00000000772b1750 5 bytes JMP 0000000149f10310
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                           00000000772b1790 5 bytes JMP 0000000149f103c0
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                        00000000772b17e0 5 bytes JMP 0000000149f103f0
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                           00000000772b1940 5 bytes JMP 0000000149f10230
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                00000000772b1b00 5 bytes JMP 0000000149f10480
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                               00000000772b1b30 5 bytes JMP 0000000149f103a0
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                        00000000772b1c10 5 bytes JMP 0000000149f102f0
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                     00000000772b1c20 5 bytes JMP 0000000149f10350
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                           00000000772b1c80 5 bytes JMP 0000000149f10290
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                        00000000772b1d10 5 bytes JMP 0000000149f102b0
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                         00000000772b1d30 5 bytes JMP 0000000149f103d0
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                            00000000772b1d40 5 bytes JMP 0000000149f10330
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                     00000000772b1db0 5 bytes JMP 0000000149f10410
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                        00000000772b1de0 5 bytes JMP 0000000149f10240
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                             00000000772b20a0 5 bytes JMP 0000000149f101e0
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                        00000000772b2160 5 bytes JMP 0000000149f10250
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                        00000000772b2190 5 bytes JMP 0000000149f10490
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                               00000000772b21a0 5 bytes JMP 0000000149f104a0
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                          00000000772b21d0 5 bytes JMP 0000000149f10300
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                       00000000772b21e0 5 bytes JMP 0000000149f10360
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                             00000000772b2240 5 bytes JMP 0000000149f102a0
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                          00000000772b2290 5 bytes JMP 0000000149f102c0
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                             00000000772b22c0 5 bytes JMP 0000000149f10380
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                              00000000772b22d0 5 bytes JMP 0000000149f10340
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                       00000000772b25c0 5 bytes JMP 0000000149f10440
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                      00000000772b27c0 5 bytes JMP 0000000149f10260
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                         00000000772b27d0 5 bytes JMP 0000000149f10270
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                       00000000772b27e0 5 bytes JMP 0000000149f10400
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                   00000000772b29a0 5 bytes JMP 0000000149f101f0
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                    00000000772b29b0 5 bytes JMP 0000000149f10210
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                         00000000772b2a20 5 bytes JMP 0000000149f10200
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                         00000000772b2a80 5 bytes JMP 0000000149f10420
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                          00000000772b2a90 5 bytes JMP 0000000149f10430
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                     00000000772b2aa0 5 bytes JMP 0000000149f10220
.text   C:\Windows\system32\csrss.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                             00000000772b2b80 5 bytes JMP 0000000149f10280
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                          00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                      00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                           00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\system32\wininit.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007709eecd 1 byte [62]
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                   00000000772b1360 5 bytes JMP 0000000149f10460
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                            00000000772b13b0 5 bytes JMP 0000000149f10450
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                            00000000772b1510 5 bytes JMP 0000000149f10370
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                 00000000772b1560 5 bytes JMP 0000000149f10470
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                       00000000772b1570 5 bytes JMP 0000000149f103e0
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                            00000000772b1620 5 bytes JMP 0000000149f10320
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                     00000000772b1650 5 bytes JMP 0000000149f103b0
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                        00000000772b1670 5 bytes JMP 0000000149f10390
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                              00000000772b16b0 5 bytes JMP 0000000149f102e0
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                            00000000772b1730 5 bytes JMP 0000000149f102d0
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                          00000000772b1750 5 bytes JMP 0000000149f10310
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                           00000000772b1790 5 bytes JMP 0000000149f103c0
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                        00000000772b17e0 5 bytes JMP 0000000149f103f0
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                           00000000772b1940 5 bytes JMP 0000000149f10230
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                00000000772b1b00 5 bytes JMP 0000000149f10480
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                               00000000772b1b30 5 bytes JMP 0000000149f103a0
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                        00000000772b1c10 5 bytes JMP 0000000149f102f0
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                     00000000772b1c20 5 bytes JMP 0000000149f10350
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                           00000000772b1c80 5 bytes JMP 0000000149f10290
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                        00000000772b1d10 5 bytes JMP 0000000149f102b0
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                         00000000772b1d30 5 bytes JMP 0000000149f103d0
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                            00000000772b1d40 5 bytes JMP 0000000149f10330
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                     00000000772b1db0 5 bytes JMP 0000000149f10410
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                        00000000772b1de0 5 bytes JMP 0000000149f10240
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                             00000000772b20a0 5 bytes JMP 0000000149f101e0
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                        00000000772b2160 5 bytes JMP 0000000149f10250
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                        00000000772b2190 5 bytes JMP 0000000149f10490
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                               00000000772b21a0 5 bytes JMP 0000000149f104a0
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                          00000000772b21d0 5 bytes JMP 0000000149f10300
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                       00000000772b21e0 5 bytes JMP 0000000149f10360
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                             00000000772b2240 5 bytes JMP 0000000149f102a0
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                          00000000772b2290 5 bytes JMP 0000000149f102c0
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                             00000000772b22c0 5 bytes JMP 0000000149f10380
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                              00000000772b22d0 5 bytes JMP 0000000149f10340
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                       00000000772b25c0 5 bytes JMP 0000000149f10440
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                      00000000772b27c0 5 bytes JMP 0000000149f10260
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                         00000000772b27d0 5 bytes JMP 0000000149f10270
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                       00000000772b27e0 5 bytes JMP 0000000149f10400
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                   00000000772b29a0 5 bytes JMP 0000000149f101f0
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                    00000000772b29b0 5 bytes JMP 0000000149f10210
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                         00000000772b2a20 5 bytes JMP 0000000149f10200
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                         00000000772b2a80 5 bytes JMP 0000000149f10420
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                          00000000772b2a90 5 bytes JMP 0000000149f10430
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                     00000000772b2aa0 5 bytes JMP 0000000149f10220
.text   C:\Windows\system32\csrss.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                             00000000772b2b80 5 bytes JMP 0000000149f10280
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\system32\services.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\system32\services.exe[868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007709eecd 1 byte [62]
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                   00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                            00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                            00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                 00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                       00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                            00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                     00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                        00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                              00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                            00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                          00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                           00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                        00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                           00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                               00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                        00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                     00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                           00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                        00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                         00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                            00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                     00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                        00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                             00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                        00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                        00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                               00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                          00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                       00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                             00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                          00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                             00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                              00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                       00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                      00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                         00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                       00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                   00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                    00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                         00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                         00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                          00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                     00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\system32\lsass.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                             00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                     00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                              00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                              00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                   00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                         00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                              00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                       00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                          00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                              00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                            00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                             00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                          00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                             00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                  00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                 00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                          00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                       00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                             00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                          00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                           00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                              00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                       00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                          00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                               00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                          00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                          00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                 00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                            00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                         00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                               00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                            00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                               00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                         00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                        00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                           00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                         00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                     00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                      00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                           00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                           00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                            00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                       00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\system32\lsm.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                               00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\system32\winlogon.exe[988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007709eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 00000000772b1360 5 bytes JMP 0000000100070460
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          00000000772b13b0 5 bytes JMP 0000000100070450
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                          00000000772b1510 5 bytes JMP 0000000100070370
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               00000000772b1560 5 bytes JMP 0000000100070470
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     00000000772b1570 5 bytes JMP 00000001000703e0
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          00000000772b1620 5 bytes JMP 0000000100070320
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   00000000772b1650 5 bytes JMP 00000001000703b0
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                      00000000772b1670 5 bytes JMP 0000000100070390
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            00000000772b16b0 5 bytes JMP 00000001000702e0
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          00000000772b1730 5 bytes JMP 00000001000702d0
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        00000000772b1750 5 bytes JMP 0000000100070310
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         00000000772b1790 5 bytes JMP 00000001000703c0
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      00000000772b17e0 5 bytes JMP 00000001000703f0
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         00000000772b1940 5 bytes JMP 0000000100070230
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              00000000772b1b00 5 bytes JMP 0000000100070480
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             00000000772b1b30 5 bytes JMP 00000001000703a0
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      00000000772b1c10 5 bytes JMP 00000001000702f0
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   00000000772b1c20 5 bytes JMP 0000000100070350
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         00000000772b1c80 5 bytes JMP 0000000100070290
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      00000000772b1d10 5 bytes JMP 00000001000702b0
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       00000000772b1d30 5 bytes JMP 00000001000703d0
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          00000000772b1d40 5 bytes JMP 0000000100070330
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   00000000772b1db0 5 bytes JMP 0000000100070410
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      00000000772b1de0 5 bytes JMP 0000000100070240
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           00000000772b20a0 5 bytes JMP 00000001000701e0
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      00000000772b2160 5 bytes JMP 0000000100070250
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      00000000772b2190 5 bytes JMP 0000000100070490
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             00000000772b21a0 5 bytes JMP 00000001000704a0
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        00000000772b21d0 5 bytes JMP 0000000100070300
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     00000000772b21e0 5 bytes JMP 0000000100070360
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           00000000772b2240 5 bytes JMP 00000001000702a0
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        00000000772b2290 5 bytes JMP 00000001000702c0
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                           00000000772b22c0 5 bytes JMP 0000000100070380
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            00000000772b22d0 5 bytes JMP 0000000100070340
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     00000000772b25c0 5 bytes JMP 0000000100070440
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    00000000772b27c0 5 bytes JMP 0000000100070260
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       00000000772b27d0 5 bytes JMP 0000000100070270
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     00000000772b27e0 5 bytes JMP 0000000100070400
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 00000000772b29a0 5 bytes JMP 00000001000701f0
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  00000000772b29b0 5 bytes JMP 0000000100070210
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       00000000772b2a20 5 bytes JMP 0000000100070200
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       00000000772b2a80 5 bytes JMP 0000000100070420
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        00000000772b2a90 5 bytes JMP 0000000100070430
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   00000000772b2aa0 5 bytes JMP 0000000100070220
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           00000000772b2b80 5 bytes JMP 0000000100070280
.text   C:\Windows\system32\svchost.exe[392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007709eecd 1 byte [62]
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                  00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                           00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                           00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                      00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                           00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                       00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                             00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                           00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                         00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                          00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                       00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                          00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                               00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                              00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                       00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                    00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                          00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                       00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                           00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                    00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                       00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                            00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                       00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                       00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                              00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                         00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                      00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                            00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                         00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                            00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                             00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                      00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                     00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                        00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                  00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                   00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                        00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                        00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                         00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                    00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                            00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\system32\nvvsvc.exe[972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007709eecd 1 byte [62]
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[816] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112            000000007605a30a 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\System32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007709eecd 1 byte [62]
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000772b1360 5 bytes JMP 0000000100070460
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000772b13b0 5 bytes JMP 0000000100070450
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         00000000772b1510 5 bytes JMP 0000000100070370
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000772b1560 5 bytes JMP 0000000100070470
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000772b1570 5 bytes JMP 00000001000703e0
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000772b1620 5 bytes JMP 0000000100070320
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000772b1650 5 bytes JMP 00000001000703b0
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     00000000772b1670 5 bytes JMP 0000000100070390
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000772b16b0 5 bytes JMP 00000001000702e0
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000772b1730 5 bytes JMP 00000001000702d0
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000772b1750 5 bytes JMP 0000000100070310
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000772b1790 5 bytes JMP 00000001000703c0
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000772b17e0 5 bytes JMP 00000001000703f0
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000772b1940 5 bytes JMP 0000000100070230
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000772b1b00 5 bytes JMP 0000000100070480
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000772b1b30 5 bytes JMP 00000001000703a0
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000772b1c10 5 bytes JMP 00000001000702f0
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000772b1c20 5 bytes JMP 0000000100070350
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000772b1c80 5 bytes JMP 0000000100070290
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000772b1d10 5 bytes JMP 00000001000702b0
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000772b1d30 5 bytes JMP 00000001000703d0
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000772b1d40 5 bytes JMP 0000000100070330
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000772b1db0 5 bytes JMP 0000000100070410
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000772b1de0 5 bytes JMP 0000000100070240
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000772b20a0 5 bytes JMP 00000001000701e0
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000772b2160 5 bytes JMP 0000000100070250
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000772b2190 5 bytes JMP 0000000100070490
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000772b21a0 5 bytes JMP 00000001000704a0
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000772b21d0 5 bytes JMP 0000000100070300
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000772b21e0 5 bytes JMP 0000000100070360
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000772b2240 5 bytes JMP 00000001000702a0
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000772b2290 5 bytes JMP 00000001000702c0
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          00000000772b22c0 5 bytes JMP 0000000100070380
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000772b22d0 5 bytes JMP 0000000100070340
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000772b25c0 5 bytes JMP 0000000100070440
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000772b27c0 5 bytes JMP 0000000100070260
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000772b27d0 5 bytes JMP 0000000100070270
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000772b27e0 5 bytes JMP 0000000100070400
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000772b29a0 5 bytes JMP 00000001000701f0
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000772b29b0 5 bytes JMP 0000000100070210
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000772b2a20 5 bytes JMP 0000000100070200
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000772b2a80 5 bytes JMP 0000000100070420
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000772b2a90 5 bytes JMP 0000000100070430
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000772b2aa0 5 bytes JMP 0000000100070220
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000772b2b80 5 bytes JMP 0000000100070280
.text   C:\Windows\System32\svchost.exe[1176] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007709eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007709eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007709eecd 1 byte [62]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                       00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                     00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                           00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                         00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                            00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                  00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                              00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                               00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                            00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                               00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                    00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                   00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                            00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                         00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                               00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                            00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                             00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                         00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                            00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                 00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                            00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                            00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                   00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                              00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                           00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                 00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                              00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                 00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                  00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                           00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                          00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                             00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                           00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                       00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                        00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                             00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                             00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                              00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                         00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                 00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                      000000007709eecd 1 byte [62]
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                          00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                      00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                           00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\system32\nvvsvc.exe[1668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007709eecd 1 byte [62]
.text   C:\Program Files\Tablet\Wacom\WTabletServicePro.exe[1696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                           000000007709eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\system32\svchost.exe[1752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007709eecd 1 byte [62]
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000772b1360 5 bytes JMP 0000000100070460
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000772b13b0 5 bytes JMP 0000000100070450
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         00000000772b1510 5 bytes JMP 0000000100070370
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000772b1560 5 bytes JMP 0000000100070470
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000772b1570 5 bytes JMP 00000001000703e0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000772b1620 5 bytes JMP 0000000100070320
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000772b1650 5 bytes JMP 00000001000703b0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     00000000772b1670 5 bytes JMP 0000000100070390
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000772b16b0 5 bytes JMP 00000001000702e0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000772b1730 5 bytes JMP 00000001000702d0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000772b1750 5 bytes JMP 0000000100070310
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000772b1790 5 bytes JMP 00000001000703c0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000772b17e0 5 bytes JMP 00000001000703f0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000772b1940 5 bytes JMP 0000000100070230
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000772b1b00 5 bytes JMP 0000000100070480
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000772b1b30 5 bytes JMP 00000001000703a0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000772b1c10 5 bytes JMP 00000001000702f0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000772b1c20 5 bytes JMP 0000000100070350
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000772b1c80 5 bytes JMP 0000000100070290
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000772b1d10 5 bytes JMP 00000001000702b0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000772b1d30 5 bytes JMP 00000001000703d0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000772b1d40 5 bytes JMP 0000000100070330
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000772b1db0 5 bytes JMP 0000000100070410
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000772b1de0 5 bytes JMP 0000000100070240
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000772b20a0 5 bytes JMP 00000001000701e0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000772b2160 5 bytes JMP 0000000100070250
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000772b2190 5 bytes JMP 0000000100070490
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000772b21a0 5 bytes JMP 00000001000704a0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000772b21d0 5 bytes JMP 0000000100070300
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000772b21e0 5 bytes JMP 0000000100070360
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000772b2240 5 bytes JMP 00000001000702a0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000772b2290 5 bytes JMP 00000001000702c0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          00000000772b22c0 5 bytes JMP 0000000100070380
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000772b22d0 5 bytes JMP 0000000100070340
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000772b25c0 5 bytes JMP 0000000100070440
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000772b27c0 5 bytes JMP 0000000100070260
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000772b27d0 5 bytes JMP 0000000100070270
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000772b27e0 5 bytes JMP 0000000100070400
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000772b29a0 5 bytes JMP 00000001000701f0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000772b29b0 5 bytes JMP 0000000100070210
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000772b2a20 5 bytes JMP 0000000100070200
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000772b2a80 5 bytes JMP 0000000100070420
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000772b2a90 5 bytes JMP 0000000100070430
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000772b2aa0 5 bytes JMP 0000000100070220
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000772b2b80 5 bytes JMP 0000000100070280
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[1908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007709eecd 1 byte [62]
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\System32\spoolsv.exe[1532] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007709eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007709eecd 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1272] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                  000000007605a30a 1 byte [62]
.text   C:\Program Files (x86)\AFLICS\AfterFLICS.exe[1732] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                  000000007605a30a 1 byte [62]
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                           00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                    00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                    00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                         00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                               00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                    00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                             00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                      00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                    00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                  00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                   00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                   00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                        00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                       00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                             00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                   00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                 00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                    00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                             00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                     00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                       00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                  00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                               00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                     00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                  00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                     00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                      00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                               00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                              00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                 00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                               00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                           00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                            00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                 00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                 00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                  00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                             00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                     00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2080] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                          000000007709eecd 1 byte [62]
.text   C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe[2196] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112             000000007605a30a 1 byte [62]
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                               00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                        00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                        00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                             00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                   00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                        00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                 00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                    00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                          00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                        00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                      00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                       00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                    00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                       00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                            00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                           00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                    00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                 00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                       00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                    00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                     00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                        00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                 00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                    00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                         00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                    00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                    00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                           00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                      00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                   00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                         00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                      00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                         00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                          00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                   00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                  00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                     00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                   00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                               00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                     00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                     00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                      00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                 00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                         00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\system32\taskhost.exe[2240] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              000000007709eecd 1 byte [62]
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\SYSTEM32\WISPTIS.EXE[2356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007709eecd 1 byte [62]
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                             00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                      00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                      00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                           00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                 00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                      00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                               00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                  00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                        00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                      00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                    00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                     00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                  00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                     00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                          00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                         00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                  00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                               00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                     00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                  00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                   00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                      00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                               00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                  00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                       00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                  00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                  00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                         00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                    00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                 00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                       00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                    00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                       00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                        00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                 00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                   00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                 00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                             00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                              00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                   00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                   00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                    00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                               00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                       00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Program Files\Tablet\Wacom\WacomHost.exe[2584] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                   000000007605a30a 1 byte [62]
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                 00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                          00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                          00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                               00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                     00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                          00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                   00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                      00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                            00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                          00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                        00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                         00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                      00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                         00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                              00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                             00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                      00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                   00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                         00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                      00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                       00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                          00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                   00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                      00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                           00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                      00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                      00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                             00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                        00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                     00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                           00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                        00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                           00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                            00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                     00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                    00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                       00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                     00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                 00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                  00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                       00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                       00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                        00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                   00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                           00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                000000007709eecd 1 byte [62]
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                              00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                       00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                       00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                            00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                  00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                       00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                   00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                         00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                       00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                     00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                      00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                   00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                      00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                           00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                          00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                   00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                      00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                   00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                    00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                       00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                   00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                        00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                   00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                   00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                          00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                     00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                  00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                        00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                     00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                        00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                         00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                  00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                 00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                    00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                  00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                              00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                               00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                    00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                    00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                     00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                        00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                             000000007709eecd 1 byte [62]
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                    00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                             00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                             00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                  00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                        00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                             00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                      00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                         00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                               00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                             00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                           00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                            00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                         00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                            00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                 00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                         00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                      00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                            00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                         00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                          00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                             00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                      00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                         00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                              00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                         00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                         00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                           00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                        00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                              00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                           00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                              00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                               00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                        00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                       00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                          00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                        00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                    00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                     00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                          00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                          00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                           00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                      00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\system32\Dwm.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                              00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                        00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                 00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                 00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                      00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                            00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                 00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                          00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                             00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                   00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                 00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                               00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                             00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                     00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                    00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                             00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                          00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                             00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                              00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                 00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                          00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                             00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                  00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                             00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                             00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                    00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                               00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                            00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                  00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                               00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                  00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                   00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                            00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                           00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                              00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                            00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                        00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                         00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                              00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                              00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                               00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                          00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                  00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\Explorer.EXE[2736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                       000000007709eecd 1 byte [62]
.text   C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe[2860] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  000000007605a30a 1 byte [62]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                         00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                  00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                  00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                       00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                             00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                  00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                           00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                              00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                    00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                  00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                 00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                              00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                 00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                      00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                     00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                              00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                           00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                 00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                              00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                               00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                  00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                           00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                              00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                   00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                              00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                              00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                     00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                             00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                   00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                   00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                    00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                             00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                            00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                               00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                             00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                         00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                          00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                               00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                               00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                           00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                   00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2952] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                        000000007709eecd 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe[2552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189            000000007709eecd 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe[2728] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112            000000007605a30a 1 byte [62]
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2856] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112          000000007605a30a 1 byte [62]
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2856] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69        00000000758e1465 2 bytes [8E, 75]
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2856] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155       00000000758e14bb 2 bytes [8E, 75]
.text   ...                                                                                                                                       * 2
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                  00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                           00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                           00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                      00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                           00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                    00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                       00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                             00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                           00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                         00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                          00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                       00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                          00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort               00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject              00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                       00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                    00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                          00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                       00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                        00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                           00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                    00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                       00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                            00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                       00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                       00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys              00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                         00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                      00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                            00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                         00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                            00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                             00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                      00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                     00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                        00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                      00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                  00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                   00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                        00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                        00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                         00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                    00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                            00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2892] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                 000000007709eecd 1 byte [62]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                         00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                         00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                              00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                    00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                         00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                  00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                     00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                           00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                         00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                       00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                        00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                     00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                        00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                             00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                            00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                     00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                  00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                        00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                     00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                      00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                         00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                  00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                     00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                          00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                     00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                     00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                            00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                       00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                    00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                          00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                       00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                          00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                           00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                    00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                   00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                      00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                    00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                 00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                      00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                      00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                       00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                  00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                          00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1340] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                               000000007709eecd 1 byte [62]
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                        00000000772b1360 5 bytes JMP 0000000100070460
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                 00000000772b13b0 5 bytes JMP 0000000100070450
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                 00000000772b1510 5 bytes JMP 0000000100070370
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                      00000000772b1560 5 bytes JMP 0000000100070470
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                            00000000772b1570 5 bytes JMP 00000001000703e0
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                 00000000772b1620 5 bytes JMP 0000000100070320
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                          00000000772b1650 5 bytes JMP 00000001000703b0
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                             00000000772b1670 5 bytes JMP 0000000100070390
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                   00000000772b16b0 5 bytes JMP 00000001000702e0
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                 00000000772b1730 5 bytes JMP 00000001000702d0
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                               00000000772b1750 5 bytes JMP 0000000100070310
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                00000000772b1790 5 bytes JMP 00000001000703c0
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                             00000000772b17e0 5 bytes JMP 00000001000703f0
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                00000000772b1940 5 bytes JMP 0000000100070230
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                     00000000772b1b00 5 bytes JMP 0000000100070480
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                    00000000772b1b30 5 bytes JMP 00000001000703a0
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                             00000000772b1c10 5 bytes JMP 00000001000702f0
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                          00000000772b1c20 5 bytes JMP 0000000100070350
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                00000000772b1c80 5 bytes JMP 0000000100070290
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                             00000000772b1d10 5 bytes JMP 00000001000702b0
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                              00000000772b1d30 5 bytes JMP 00000001000703d0
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                 00000000772b1d40 5 bytes JMP 0000000100070330
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                          00000000772b1db0 5 bytes JMP 0000000100070410
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                             00000000772b1de0 5 bytes JMP 0000000100070240
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                  00000000772b20a0 5 bytes JMP 00000001000701e0
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                             00000000772b2160 5 bytes JMP 0000000100070250
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                             00000000772b2190 5 bytes JMP 0000000100070490
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                    00000000772b21a0 5 bytes JMP 00000001000704a0
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                               00000000772b21d0 5 bytes JMP 0000000100070300
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                            00000000772b21e0 5 bytes JMP 0000000100070360
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                  00000000772b2240 5 bytes JMP 00000001000702a0
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                               00000000772b2290 5 bytes JMP 00000001000702c0
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                  00000000772b22c0 5 bytes JMP 0000000100070380
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                   00000000772b22d0 5 bytes JMP 0000000100070340
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                            00000000772b25c0 5 bytes JMP 0000000100070440
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                           00000000772b27c0 5 bytes JMP 0000000100070260
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                              00000000772b27d0 5 bytes JMP 0000000100070270
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                            00000000772b27e0 5 bytes JMP 0000000100070400
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                        00000000772b29a0 5 bytes JMP 00000001000701f0
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                         00000000772b29b0 5 bytes JMP 0000000100070210
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                              00000000772b2a20 5 bytes JMP 0000000100070200
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                              00000000772b2a80 5 bytes JMP 0000000100070420
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                               00000000772b2a90 5 bytes JMP 0000000100070430
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                          00000000772b2aa0 5 bytes JMP 0000000100070220
.text   C:\Windows\explorer.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                  00000000772b2b80 5 bytes JMP 0000000100070280
.text   C:\Windows\explorer.exe[2492] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                       000000007709eecd 1 byte [62]
.text   C:\Program Files\TrueCrypt\TrueCrypt.exe[3036] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                      000000007605a30a 1 byte [62]
.text   C:\Windows\system32\svchost.exe[3020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007709eecd 1 byte [62]
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                   00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                            00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                            00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                 00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                       00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                            00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                     00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                        00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                              00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                            00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                          00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                           00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                        00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                           00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                               00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                        00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                     00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                           00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                        00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                         00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                            00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                     00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                        00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                             00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                        00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                        00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                               00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                          00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                       00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                             00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                          00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                             00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                              00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                       00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                      00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                         00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                       00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                   00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                    00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                         00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                         00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                          00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                     00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                             00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Program Files\Windows Sidebar\sidebar.exe[2876] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                  000000007709eecd 1 byte [62]
.text   C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe[2940] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112               000000007605a30a 1 byte [62]
.text   C:\Program Files (x86)\Winamp\winampa.exe[2520] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                     000000007605a30a 1 byte [62]
.text   C:\Users\Shelim\AppData\Roaming\Dropbox\bin\Dropbox.exe[1828] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                       000000007605a30a 1 byte [62]
.text   C:\Users\Shelim\AppData\Roaming\Dropbox\bin\Dropbox.exe[1828] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                     00000000758e1465 2 bytes [8E, 75]
.text   C:\Users\Shelim\AppData\Roaming\Dropbox\bin\Dropbox.exe[1828] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                    00000000758e14bb 2 bytes [8E, 75]
.text   ...                                                                                                                                       * 2
.text   C:\Program Files\AVAST Software\Avast\AvastUI.exe[2924] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                             000000007605a30a 1 byte [62]
.text   C:\Windows\SysWOW64\vmnat.exe[3080] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                 000000007605a30a 1 byte [62]
.text   C:\Windows\SysWOW64\vmnat.exe[3080] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26                                                0000000074c113c6 2 bytes [C1, 74]
.text   C:\Windows\SysWOW64\vmnat.exe[3080] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74                                                0000000074c113f6 2 bytes [C1, 74]
.text   C:\Windows\SysWOW64\vmnat.exe[3080] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257                                               0000000074c114ad 2 bytes [C1, 74]
.text   C:\Windows\SysWOW64\vmnat.exe[3080] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303                                               0000000074c114db 2 bytes [C1, 74]
.text   ...                                                                                                                                       * 2
.text   C:\Windows\SysWOW64\vmnat.exe[3080] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79                                                0000000074c11577 2 bytes [C1, 74]
.text   C:\Windows\SysWOW64\vmnat.exe[3080] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175                                               0000000074c115d7 2 bytes [C1, 74]
.text   C:\Windows\SysWOW64\vmnat.exe[3080] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620                                               0000000074c11794 2 bytes [C1, 74]
.text   C:\Windows\SysWOW64\vmnat.exe[3080] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921                                               0000000074c118c1 2 bytes [C1, 74]
.text   C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe[3156] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112              000000007605a30a 1 byte [62]
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                 00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                          00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                          00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                               00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                     00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                          00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                   00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                      00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                            00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                          00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                        00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                         00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                      00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                         00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                              00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                             00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                      00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                   00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                         00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                      00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                       00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                          00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                   00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                      00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                           00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                      00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                      00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                             00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                        00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                     00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                           00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                        00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                           00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                            00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                     00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                    00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                       00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                     00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                 00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                  00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                       00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                       00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                        00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                   00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                           00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3296] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                000000007709eecd 1 byte [62]
.text   C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3476] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                000000007605a30a 1 byte [62]
.text   C:\Windows\SysWOW64\vmnetdhcp.exe[3492] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                             000000007605a30a 1 byte [62]
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort      00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject               00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess               00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx    00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess          00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection               00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory        00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject           00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                 00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent               00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection             00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread              00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread           00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry              00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort   00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject  00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair           00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion        00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant              00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore           00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx            00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer               00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess        00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry           00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry           00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey           00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys  00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair             00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion          00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore             00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                 00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx          00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder         00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions            00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread          00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation      00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState       00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem            00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess            00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread             00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl        00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[3568] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189     000000007709eecd 1 byte [62]
.text   C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe[3592] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112               000000007605a30a 1 byte [62]
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3768] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                       000000007605a30a 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3900] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112              000000007605a30a 1 byte [62]
.text   C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe[4020] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112               000000007605a30a 1 byte [62]
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                          00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                   00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                   00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                        00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                              00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                   00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                            00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                               00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                     00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                   00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                 00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                  00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                               00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                  00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                       00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                      00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                               00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                            00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                  00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                               00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                   00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                            00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                               00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                    00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                               00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                               00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                      00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                 00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                              00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                    00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                 00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                    00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                     00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                              00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                             00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                              00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                          00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                           00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                 00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                            00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                    00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\system32\SearchIndexer.exe[3328] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                         000000007709eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\system32\svchost.exe[5404] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007709eecd 1 byte [62]
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                             00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                      00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                      00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                           00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                 00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                      00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                               00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                  00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                        00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                      00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                    00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                     00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                  00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                     00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                          00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                         00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                  00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                               00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                     00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                  00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                   00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                      00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                               00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                  00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                       00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                  00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                  00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                         00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                    00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                 00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                       00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                    00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                       00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                        00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                 00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                   00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                 00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                             00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                              00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                   00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                   00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                    00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                               00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                       00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[1688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                            000000007709eecd 1 byte [62]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5380] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112      000000007605a30a 1 byte [62]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    00000000758e1465 2 bytes [8E, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000758e14bb 2 bytes [8E, 75]
.text   ...                                                                                                                                       * 2
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\System32\svchost.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000772b1360 5 bytes JMP 0000000077410460
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000772b13b0 5 bytes JMP 0000000077410450
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         00000000772b1510 5 bytes JMP 0000000077410370
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000772b1560 5 bytes JMP 0000000077410470
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000772b1570 5 bytes JMP 00000000774103e0
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000772b1620 5 bytes JMP 0000000077410320
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000772b1650 5 bytes JMP 00000000774103b0
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     00000000772b1670 5 bytes JMP 0000000077410390
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000772b16b0 5 bytes JMP 00000000774102e0
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000772b1730 5 bytes JMP 00000000774102d0
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000772b1750 5 bytes JMP 0000000077410310
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000772b1790 5 bytes JMP 00000000774103c0
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000772b17e0 5 bytes JMP 00000000774103f0
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000772b1940 5 bytes JMP 0000000077410230
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000772b1b00 5 bytes JMP 0000000077410480
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000772b1b30 5 bytes JMP 00000000774103a0
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000772b1c10 5 bytes JMP 00000000774102f0
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000772b1c20 5 bytes JMP 0000000077410350
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000772b1c80 5 bytes JMP 0000000077410290
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000772b1d10 5 bytes JMP 00000000774102b0
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000772b1d30 5 bytes JMP 00000000774103d0
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000772b1d40 5 bytes JMP 0000000077410330
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000772b1db0 5 bytes JMP 0000000077410410
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000772b1de0 5 bytes JMP 0000000077410240
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000772b20a0 5 bytes JMP 00000000774101e0
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000772b2160 5 bytes JMP 0000000077410250
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000772b2190 5 bytes JMP 0000000077410490
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000772b21a0 5 bytes JMP 00000000774104a0
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000772b21d0 5 bytes JMP 0000000077410300
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000772b21e0 5 bytes JMP 0000000077410360
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000772b2240 5 bytes JMP 00000000774102a0
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000772b2290 5 bytes JMP 00000000774102c0
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          00000000772b22c0 5 bytes JMP 0000000077410380
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000772b22d0 5 bytes JMP 0000000077410340
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000772b25c0 5 bytes JMP 0000000077410440
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000772b27c0 5 bytes JMP 0000000077410260
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000772b27d0 5 bytes JMP 0000000077410270
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000772b27e0 5 bytes JMP 0000000077410400
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000772b29a0 5 bytes JMP 00000000774101f0
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000772b29b0 5 bytes JMP 0000000077410210
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000772b2a20 5 bytes JMP 0000000077410200
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000772b2a80 5 bytes JMP 0000000077410420
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000772b2a90 5 bytes JMP 0000000077410430
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000772b2aa0 5 bytes JMP 0000000077410220
.text   C:\Windows\System32\svchost.exe[5916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000772b2b80 5 bytes JMP 0000000077410280
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                000000007745fac0 5 bytes JMP 0000000100030600
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                    000000007745fb58 5 bytes JMP 0000000100030804
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                     000000007745fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                 0000000077460038 5 bytes JMP 0000000100030a08
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                     0000000077461920 5 bytes JMP 0000000100030e10
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                             000000007747c4dd 5 bytes JMP 00000001000301f8
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                           0000000077481287 5 bytes JMP 00000001000303fc
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                000000007605a30a 1 byte [62]
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                       000000007550ee09 5 bytes JMP 00000001002101f8
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                        0000000075513982 5 bytes JMP 00000001002103fc
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                     0000000075517603 5 bytes JMP 0000000100210804
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                     000000007551835c 5 bytes JMP 0000000100210600
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                   000000007552f52b 5 bytes JMP 0000000100210a08
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                             0000000074fe5181 5 bytes JMP 0000000100221014
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                 0000000074fe5254 5 bytes JMP 0000000100220804
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                 0000000074fe53d5 5 bytes JMP 0000000100220a08
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                0000000074fe54c2 5 bytes JMP 0000000100220c0c
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                0000000074fe55e2 5 bytes JMP 0000000100220e10
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                       0000000074fe567c 5 bytes JMP 00000001002201f8
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                       0000000074fe589f 5 bytes JMP 00000001002203fc
.text   C:\Windows\SysWOW64\ctfmon.exe[5472] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                        0000000074fe5a22 5 bytes JMP 0000000100220600
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                        000000007745fac0 5 bytes JMP 0000000100030600
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                            000000007745fb58 5 bytes JMP 0000000100030804
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                             000000007745fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                         0000000077460038 5 bytes JMP 0000000100030a08
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                             0000000077461920 5 bytes JMP 0000000100030e10
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                     000000007747c4dd 5 bytes JMP 00000001000301f8
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                   0000000077481287 5 bytes JMP 00000001000303fc
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                        000000007605a30a 1 byte [62]
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                     0000000074fe5181 5 bytes JMP 0000000100241014
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                         0000000074fe5254 5 bytes JMP 0000000100240804
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                         0000000074fe53d5 5 bytes JMP 0000000100240a08
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                        0000000074fe54c2 5 bytes JMP 0000000100240c0c
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                        0000000074fe55e2 5 bytes JMP 0000000100240e10
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                               0000000074fe567c 5 bytes JMP 00000001002401f8
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                               0000000074fe589f 5 bytes JMP 00000001002403fc
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                0000000074fe5a22 5 bytes JMP 0000000100240600
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                               000000007550ee09 5 bytes JMP 00000001002501f8
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                0000000075513982 5 bytes JMP 00000001002503fc
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                             0000000075517603 5 bytes JMP 0000000100250804
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                             000000007551835c 5 bytes JMP 0000000100250600
.text   C:\Users\Shelim\Downloads\vl2x97y1.exe[4260] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                           000000007552f52b 5 bytes JMP 0000000100250a08

---- Kernel IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                            [fffff88001067f1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                   [fffff88001067cc0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                  [fffff8800106869c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]                                                                  [fffff88001068a98] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                           [fffff880010688f4] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!ExAllocatePoolWithTag]                                                              [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoAcquireRemoveLockEx]                                                              [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoWMIRegistrationControl]                                                           [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!ExFreePoolWithTag]                                                                  [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoWMIWriteEvent]                                                                    [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString]                                                       [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection]                                                   [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoRegisterDeviceInterface]                                                          [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoSetDeviceInterfaceState]                                                          [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoStartPacket]                                                                      [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoStartTimer]                                                                       [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!RtlInitUnicodeString]                                                               [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoDeleteDevice]                                                                     [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!KeSetEvent]                                                                         [f80348078bc87218]  [unknown section]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoFreeWorkItem]                                                                     [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!MmGetSystemRoutineAddress]                                                          [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!KeInitializeEvent]                                                                  [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!RtlQueryRegistryValues]                                                             [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!RtlInitAnsiString]                                                                  [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!RtlGetVersion]                                                                      [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoDetachDevice]                                                                     [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!PoRequestPowerIrp]                                                                  [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoCancelIrp]                                                                        [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize]                                                        [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoStopTimer]                                                                        [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoStartNextPacket]                                                                  [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoAllocateWorkItem]                                                                 [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!_vsnwprintf]                                                                        [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!PoStartNextPowerIrp]                                                                [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!_vsnprintf]                                                                         [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!ZwClose]                                                                            [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IofCompleteRequest]                                                                 [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx]                                                       [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoInitializeTimer]                                                                  [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoFreeIrp]                                                                          [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoSetCompletionRoutineEx]                                                           [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                        [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!PoCallDriver]                                                                       [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoAllocateIrp]                                                                      [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!RtlCompareMemory]                                                                   [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!ObfReferenceObject]                                                                 [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoSetStartIoAttributes]                                                             [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoInitializeRemoveLockEx]                                                           [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey]                                                            [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoCreateDevice]                                                                     [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IofCallDriver]                                                                      [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLockAtDpcLevel]                                           [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLock]                                                     [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoBuildPartialMdl]                                                                  [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoReleaseRemoveLockEx]                                                              [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLock]                                                     [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool]                                                          [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoFreeMdl]                                                                          [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!KeDelayExecutionThread]                                                             [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache]                                                       [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoGetSfioStreamIdentifier]                                                          [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!KeRemoveEntryDeviceQueue]                                                           [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoQueueWorkItem]                                                                    [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoReleaseCancelSpinLock]                                                            [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoAcquireCancelSpinLock]                                                            [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoAllocateMdl]                                                                      [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel]                                         [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations]                                                        [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!ZwEnumerateValueKey]                                                                [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoGetDeviceInterfaces]                                                              [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!ZwOpenKey]                                                                          [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!KeBugCheckEx]                                                                       [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!KeWaitForSingleObject]                                                              [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!NlsMbCodePageTag]                                                                   [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoIs32bitProcess]                                                                   [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!MmProbeAndLockPages]                                                                [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!MmUnlockPages]                                                                      [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoAllocateSfioStreamIdentifier]                                                     [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoFreeSfioStreamIdentifier]                                                         [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!IoGetIoPriorityHint]                                                                [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!EtwUnregister]                                                                      [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!EtwRegister]                                                                        [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!EtwEventEnabled]                                                                    [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!EtwWrite]                                                                           [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!EtwProviderEnabled]                                                                 [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[ntoskrnl.exe!__C_specific_handler]                                                               [?]
IAT     C:\Windows\System32\Drivers\a2jshck1.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx]                                                      [?]

---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-4                                                                                               fffffa800ca392c0
Device  \Driver\atapi \Device\Ide\IdePort0                                                                                                        fffffa800ca392c0
Device  \Driver\atapi \Device\Ide\IdePort1                                                                                                        fffffa800ca392c0
Device  \Driver\atapi \Device\Ide\IdePort2                                                                                                        fffffa800ca392c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                                               fffffa800ca392c0
Device  \Driver\atapi \Device\Ide\IdePort3                                                                                                        fffffa800ca392c0
Device  \Driver\a2jshck1 \Device\Scsi\a2jshck11                                                                                                   fffffa800e0c72c0
Device  \Driver\a2jshck1 \Device\Scsi\a2jshck11Port4Path0Target0Lun0                                                                              fffffa800e0c72c0
Device  \FileSystem\Ntfs \Ntfs                                                                                                                    fffffa800d3c42c0
Device  \Driver\usbehci \Device\USBPDO-1                                                                                                          fffffa800cb482c0
Device  \Driver\USBSTOR \Device\0000009a                                                                                                          fffffa800ee2f2c0
Device  \Driver\cdrom \Device\CdRom0                                                                                                              fffffa800dcda2c0
Device  \Driver\cdrom \Device\CdRom1                                                                                                              fffffa800dcda2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{D997CF6F-0467-4B3E-A5AE-57BC13C319D4}                                                                  fffffa800de1e2c0
Device  \Driver\USBSTOR \Device\000000a0                                                                                                          fffffa800ee2f2c0
Device  \Driver\usbehci \Device\USBFDO-0                                                                                                          fffffa800cb482c0
Device  \Driver\USBSTOR \Device\00000095                                                                                                          fffffa800ee2f2c0
Device  \Driver\USBSTOR \Device\00000091                                                                                                          fffffa800ee2f2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{CA4A78AF-1F77-44D4-A972-0BAC138F1E94}                                                                  fffffa800de1e2c0
Device  \Driver\usbehci \Device\USBFDO-1                                                                                                          fffffa800cb482c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{10A5F405-1A8B-4F1D-8A23-F02D4182D24B}                                                                  fffffa800de1e2c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                   fffffa800de1e2c0
Device  \Driver\atapi \Device\ScsiPort0                                                                                                           fffffa800ca392c0
Device  \Driver\usbehci \Device\USBPDO-0                                                                                                          fffffa800cb482c0
Device  \Driver\atapi \Device\ScsiPort1                                                                                                           fffffa800ca392c0
Device  \Driver\atapi \Device\ScsiPort2                                                                                                           fffffa800ca392c0
Device  \Driver\atapi \Device\ScsiPort3                                                                                                           fffffa800ca392c0
Device  \Driver\a2jshck1 \Device\ScsiPort4                                                                                                        fffffa800e0c72c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{B81BDCBC-53F5-42A8-9011-8DE62CBFED70}                                                                  fffffa800de1e2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{75B3AA75-F59F-41C3-8063-8D648602370F}                                                                  fffffa800de1e2c0

---- Trace I/O - GMER 2.1 ----

Trace   ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys ACPI.sys >>UNKNOWN [0xfffffa800ca392c0]<< sptd.sys ataport.SYS pciide.sys                  fffffa800ca392c0
Trace   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800dad0790]                                                                           fffffa800dad0790
Trace   3 CLASSPNP.SYS[fffff8800167543f] -> nt!IofCallDriver -> [0xfffffa800d9f5ab0]                                                              fffffa800d9f5ab0
Trace   5 vsflt53.sys[fffff880011ddcfd] -> nt!IofCallDriver -> [0xfffffa800d5ea670]                                                               fffffa800d5ea670
Trace   7 ACPI.sys[fffff88000f6d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-4[0xfffffa800d8da060]                                     fffffa800d8da060
Trace   \Driver\atapi[0xfffffa800d5e3980] -> IRP_MJ_CREATE -> 0xfffffa800ca392c0                                                                  fffffa800ca392c0

---- Modules - GMER 2.1 ----

Module  \SystemRoot\System32\Drivers\a2jshck1.SYS (USB Mass Storage Class Driver/Microsoft Corporation SIGNED)(2013-01-17 14:05:56)               fffff88006374000-fffff880063c5000 (331776 bytes)

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                                                                      2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                                                                     2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                                                              1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                                                               aswFsBlk
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                                                                     FSFilter Activity Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                                                           FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                                                               avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                                                       2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                                                                 aswFsBlk Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                      388400
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                         0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                                                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                                                                     2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                                                                    2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                                                             1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                                                                \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                                                              aswMonFlt
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                                                                    FSFilter Anti-Virus
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                                                          FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                                                              avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                                                                
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                                                                aswMonFlt Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                    320700
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                       0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                                                                   \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                                                       1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                                                                 aswRdr
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                                                       PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                                                             tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                                                                 avast! WFP Redirect driver
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                               nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                                                       1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                                                                      0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                                                                aswRvrt
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                                                                avast! Revert
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                                                                     63
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                                                                     7896291
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                                                                      \Device\Harddisk0\Partition2\Windows
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                                                        2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                                                       1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                                                                 aswSnx
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                                                       FSFilter Virtualization
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                                                             FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                                                                 avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                                                         2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                                                                   aswSnx Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                                                          137600
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                                                             0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                                                                    \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                                                       \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                                                                  aswSP
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                                                                  avast! Self Protection
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                                                       1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                                                                     \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                                                        \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                                                                \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                                                                      \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                                                              
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                                                       1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                                                                 avast! Network Shield Support
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                                                       PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                                                             tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                                                                 avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                                                         9
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                                                       0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                                                                 aswVmm
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                                                                 avast! VM Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                                                              32
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                                                             2
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                                                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                                                         "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                                                       avast! Antivirus
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                                                             ShellSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                                                                   aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                                                             1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                                                        LocalSystem
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                                                                    1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                                                       Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań.
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                       C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                       0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                       0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                    0x92 0x29 0xCD 0xC5 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                              0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                           0xA5 0xC3 0xBE 0x20 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                      0xC9 0x89 0x70 0xF4 ...
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                                                          2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                                                         2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                                                                  1
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                                                                   aswFsBlk
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                                                         FSFilter Activity Monitor
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                                                               FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                                                                   avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                                                           2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                                                             
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                                                                     aswFsBlk Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)                                           
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                          388400
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                             0
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                                                         2
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                                                        2
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                                                                 1
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                                                                    \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                                                                  aswMonFlt
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                                                        FSFilter Anti-Virus
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                                                              FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                                                                  avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                                                            
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                                                                    aswMonFlt Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)                                         
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                        320700
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                           0
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                                                       \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                                                            1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                                                           1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                                                                     aswRdr
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                                                           PNP_TDI
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                                                                 tcpip?
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                                                                     avast! WFP Redirect driver
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                                                              
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                   
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                   nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                                                           1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                                                          0
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                                                                   1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                                                                    aswRvrt
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                                                                    avast! Revert
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                                                             
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                                                         63
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                                                         7896291
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                                                          \Device\Harddisk0\Partition2\Windows
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                                                            2
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                                                           1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                                                                     aswSnx
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                                                           FSFilter Virtualization
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                                                                 FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                                                                     avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                                                             2
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                                                               
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                                                       aswSnx Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)                                               
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                                                              137600
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                                                                 0
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                                                              
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                                                        \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                                                           \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                                                            1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                                                                      aswSP
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                                                                      avast! Self Protection
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                                                               
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                                                           1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                                                         \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                                                            \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                                                                    \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                                                          \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                                                            1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                                                           1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                                                                     avast! Network Shield Support
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                                                           PNP_TDI
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                                                                 tcpip?
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                                                                     avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                                                             9
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                                                            1
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                                                           0
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                                                                     aswVmm
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                                                                     avast! VM Monitor
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                                                              
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                                                                  32
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                                                                 2
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                                                          1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                                                             "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                                                           avast! Antivirus
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                                                                 ShellSvcGroup
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                                                       aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                                                                 1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                                                            LocalSystem
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                                                        1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                                                           Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantann? oraz harmonogram zada?.
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                      
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                           C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                           0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                           0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                        0x92 0x29 0xCD 0xC5 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                             
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                  0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                               0xA5 0xC3 0xBE 0x20 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                        
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                          0xC9 0x89 0x70 0xF4 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EBE481B9-8EFC-F496-B7D1-CDF6EB82F5A6}                           
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EBE481B9-8EFC-F496-B7D1-CDF6EB82F5A6}@iaekjhghpdljkcgaig        0x6A 0x61 0x61 0x62 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EBE481B9-8EFC-F496-B7D1-CDF6EB82F5A6}@haomphpanglljlcm          0x6A 0x61 0x61 0x62 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EBE481B9-8EFC-F496-B7D1-CDF6EB82F5A6}@hajdffbnhgebjkpk          0x61 0x63 0x6F 0x61 ...

---- EOF - GMER 2.1 ----