GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-12-28 17:14:29 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10S21X-24R1BT0-SSHD-8GB rev.03.01A01 931,51GB Running: gmer.exe; Driver: C:\Users\Darek\AppData\Local\Temp\kwddikog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!EngSetLastError + 620 fffff96000125108 8 bytes [54, 40, A9, 06, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000154300 7 bytes [00, A1, F3, FF, 41, B4, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000154308 3 bytes [00, 07, 02] .text ... * 107 .text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 304 fffff9600021b200 6 bytes {JMP QWORD [RIP-0xbb862]} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000149cb0460 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000149cb0450 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000149cb0370 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000149cb0470 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 0000000149cb03e0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000149cb0320 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 0000000149cb03b0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000149cb0390 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 0000000149cb02e0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 0000000149cb02d0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000149cb0310 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 0000000149cb03c0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 0000000149cb03f0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000149cb0230 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000149cb0480 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 0000000149cb03a0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 0000000149cb02f0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000149cb0350 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000149cb0290 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 0000000149cb02b0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 0000000149cb03d0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000149cb0330 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000149cb0410 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000149cb0240 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 0000000149cb01e0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000149cb0250 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000149cb0490 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 0000000149cb04a0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000149cb0300 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000149cb0360 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 0000000149cb02a0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 0000000149cb02c0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000149cb0380 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000149cb0340 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000149cb0440 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000149cb0260 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000149cb0270 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000149cb0400 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 0000000149cb01f0 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000149cb0210 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000149cb0200 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000149cb0420 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000149cb0430 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000149cb0220 .text C:\Windows\system32\csrss.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000149cb0280 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\wininit.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\system32\wininit.exe[608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000149cb0460 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000149cb0450 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000149cb0370 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000149cb0470 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 0000000149cb03e0 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000149cb0320 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 0000000149cb03b0 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000149cb0390 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 0000000149cb02e0 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 0000000149cb02d0 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000149cb0310 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 0000000149cb03c0 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 0000000149cb03f0 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000149cb0230 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000149cb0480 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 0000000149cb03a0 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 0000000149cb02f0 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000149cb0350 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000149cb0290 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 0000000149cb02b0 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 0000000149cb03d0 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000149cb0330 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000149cb0410 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000149cb0240 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 0000000149cb01e0 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000149cb0250 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000149cb0490 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 0000000149cb04a0 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000149cb0300 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000149cb0360 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 0000000149cb02a0 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 0000000149cb02c0 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000149cb0380 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000149cb0340 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000149cb0440 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000149cb0260 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000149cb0270 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000149cb0400 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 0000000149cb01f0 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000149cb0210 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000149cb0200 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000149cb0420 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000149cb0430 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000149cb0220 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000149cb0280 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\system32\winlogon.exe[692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\system32\services.exe[720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\lsm.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\svchost.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\system32\nvvsvc.exe[940] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[148] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\System32\svchost.exe[516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\svchost.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\system32\svchost.exe[488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\AUDIODG.EXE[1048] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd382db0 5 bytes JMP 000007fffd370180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3837d0 7 bytes JMP 000007fffd3700d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd388ef0 6 bytes JMP 000007fffd370148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd39af60 5 bytes JMP 000007fffd370110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec489f0 8 bytes JMP 000007fffd3701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec4be50 8 bytes JMP 000007fffd3701b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee67490 11 bytes JMP 000007fffd370228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee7bf00 7 bytes JMP 000007fffd370260 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd382db0 5 bytes JMP 000007fffd370180 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3837d0 7 bytes JMP 000007fffd3700d8 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd388ef0 6 bytes JMP 000007fffd370148 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd39af60 5 bytes JMP 000007fffd370110 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec489f0 8 bytes JMP 000007fffd3701f0 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec4be50 8 bytes JMP 000007fffd3701b8 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef9a34da4 7 bytes JMP 000007fff9a200d8 .text C:\Windows\system32\Dwm.exe[1420] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef9a59af4 7 bytes JMP 000007fff9a20110 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000100070460 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000100070370 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000100070470 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000100070320 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000100070390 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000100070310 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000100070230 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000100070250 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000100070490 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[1488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\WLANExt.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Program Files (x86)\WinZipper\winzipersvc.exe[1852] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007575a2fd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\taskhost.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\taskeng.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\System32\spoolsv.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2352] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007717a400 7 bytes JMP 000000016fff0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077183f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007719ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771af2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000771d9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000771e94c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000771e9630 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772087e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd382db0 5 bytes JMP 000007fffd370180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3837d0 7 bytes JMP 000007fffd3700d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd388ef0 6 bytes JMP 000007fffd370148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd39af60 5 bytes JMP 000007fffd370110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec489f0 8 bytes JMP 000007fffd3701f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec4be50 8 bytes JMP 000007fffd3701b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee67490 11 bytes JMP 000007fffd370228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee7bf00 7 bytes JMP 000007fffd370260 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2992] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007575a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075731f0e 7 bytes JMP 0000000171221695 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075735bad 7 bytes JMP 00000001712211a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075741409 7 bytes JMP 000000017122128a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007574ea45 7 bytes JMP 0000000171221244 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007575a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007575b21b 5 bytes JMP 00000001712215aa .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757d8e24 7 bytes JMP 0000000171221339 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000757d8ea9 5 bytes JMP 00000001712216d6 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000757d91ff 5 bytes JMP 000000017122170d .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000001712211c2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c11dd7 5 bytes JMP 0000000171221014 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 0000000171221555 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 0000000171221271 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076048a29 5 bytes JMP 0000000171221726 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076054572 5 bytes JMP 00000001712210a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007606e567 5 bytes JMP 0000000171221415 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000760a7a5c 5 bytes JMP 00000001712215d2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076eae96b 5 bytes JMP 00000001712215c3 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076eaeba5 5 bytes JMP 0000000171221186 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075035ea5 5 bytes JMP 00000001712215fa .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075069d0b 5 bytes JMP 000000017122121c .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007717a400 7 bytes JMP 000000016fff0260 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077183f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007719ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771af2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000771d9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000771e94c0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000771e9630 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772087e0 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd382db0 5 bytes JMP 000007fffd330180 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3837d0 7 bytes JMP 000007fffd3300d8 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd388ef0 6 bytes JMP 000007fffd330148 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd39af60 5 bytes JMP 000007fffd330110 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec489f0 8 bytes JMP 000007fffd3301f0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec4be50 8 bytes JMP 000007fffd3301b8 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee67490 11 bytes JMP 000007fffd330228 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2972] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee7bf00 7 bytes JMP 000007fffd330260 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2192] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007717a400 7 bytes JMP 000000016fff0260 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2192] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077183f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2192] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007719ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2192] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771af2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2192] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2192] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000771d9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2192] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000771e94c0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2192] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000771e9630 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2192] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772087e0 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2192] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd382db0 5 bytes JMP 000007fffd370180 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2192] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3837d0 7 bytes JMP 000007fffd3700d8 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2192] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd388ef0 6 bytes JMP 000007fffd370148 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2192] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd39af60 5 bytes JMP 000007fffd370110 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2192] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec489f0 8 bytes JMP 000007fffd3701f0 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2192] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec4be50 8 bytes JMP 000007fffd3701b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2444] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007717a400 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077183f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007719ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771af2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000771d9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000771e94c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000771e9630 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772087e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd382db0 5 bytes JMP 000007fffd330180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3837d0 7 bytes JMP 000007fffd3300d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd388ef0 6 bytes JMP 000007fffd330148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd39af60 5 bytes JMP 000007fffd330110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec489f0 8 bytes JMP 000007fffd3301f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec4be50 8 bytes JMP 000007fffd3301b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef3c32460 5 bytes JMP 000007fefd3302d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2536] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef3c696b0 6 bytes JMP 000007fefd330298 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\system32\conhost.exe[3076] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[3104] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075731f0e 7 bytes JMP 0000000171221695 .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075735bad 7 bytes JMP 00000001712211a9 .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075741409 7 bytes JMP 000000017122128a .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007574ea45 7 bytes JMP 0000000171221244 .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007575a2fd 1 byte [62] .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007575b21b 5 bytes JMP 00000001712215aa .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757d8e24 7 bytes JMP 0000000171221339 .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000757d8ea9 5 bytes JMP 00000001712216d6 .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000757d91ff 5 bytes JMP 000000017122170d .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000001712211c2 .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c11dd7 5 bytes JMP 0000000171221014 .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 0000000171221555 .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 0000000171221271 .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076eae96b 5 bytes JMP 00000001712215c3 .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076eaeba5 5 bytes JMP 0000000171221186 .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076048a29 5 bytes JMP 0000000171221726 .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076054572 5 bytes JMP 00000001712210a0 .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007606e567 5 bytes JMP 0000000171221415 .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000760a7a5c 5 bytes JMP 00000001712215d2 .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759c1401 2 bytes JMP 7575b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759c1419 2 bytes JMP 7575b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759c1431 2 bytes JMP 757d8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759c144a 2 bytes CALL 757348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759c14dd 2 bytes JMP 757d87a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759c14f5 2 bytes JMP 757d8978 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759c150d 2 bytes JMP 757d8698 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759c1525 2 bytes JMP 757d8a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759c153d 2 bytes JMP 7574fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759c1555 2 bytes JMP 757568ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759c156d 2 bytes JMP 757d8f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759c1585 2 bytes JMP 757d8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759c159d 2 bytes JMP 757d865c C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759c15b5 2 bytes JMP 7574fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759c15cd 2 bytes JMP 7575b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759c16b2 2 bytes JMP 757d8e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\AppData\Roaming\uTorrent\uTorrent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759c16bd 2 bytes JMP 757d85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007717a400 7 bytes JMP 000000016fff0260 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077183f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007719ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771af2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000771d9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000771e94c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000771e9630 5 bytes JMP 000000016fff0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772087e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd382db0 5 bytes JMP 000007fffd330180 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3837d0 7 bytes JMP 000007fffd3300d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd388ef0 6 bytes JMP 000007fffd330148 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd39af60 5 bytes JMP 000007fffd330110 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec489f0 8 bytes JMP 000007fffd3301f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3248] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec4be50 8 bytes JMP 000007fffd3301b8 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3332] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075738791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3332] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007575a2fd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\SearchIndexer.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5060] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[4824] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd382db0 5 bytes JMP 000007fffd370180 .text C:\Windows\system32\wbem\unsecapp.exe[4824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3837d0 7 bytes JMP 000007fffd3700d8 .text C:\Windows\system32\wbem\unsecapp.exe[4824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd388ef0 6 bytes JMP 000007fffd370148 .text C:\Windows\system32\wbem\unsecapp.exe[4824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd39af60 5 bytes JMP 000007fffd370110 .text C:\Windows\system32\wbem\unsecapp.exe[4824] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee67490 11 bytes JMP 000007fffd370228 .text C:\Windows\system32\wbem\unsecapp.exe[4824] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee7bf00 7 bytes JMP 000007fffd370260 .text C:\Windows\system32\wbem\unsecapp.exe[4824] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec489f0 8 bytes JMP 000007fffd3701f0 .text C:\Windows\system32\wbem\unsecapp.exe[4824] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec4be50 8 bytes JMP 000007fffd3701b8 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\wbem\wmiprvse.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007717a400 7 bytes JMP 000000016fff0260 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077183f20 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007719ffb0 5 bytes JMP 000000016fff01f0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771af2e0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000771d9a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000771e94c0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000771e9630 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772087e0 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd382db0 5 bytes JMP 000007fffd370180 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3837d0 7 bytes JMP 000007fffd3700d8 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd388ef0 6 bytes JMP 000007fffd370148 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd39af60 5 bytes JMP 000007fffd370110 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec489f0 8 bytes JMP 000007fffd3701f0 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec4be50 8 bytes JMP 000007fffd3701b8 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee67490 11 bytes JMP 000007fffd370228 .text C:\Windows\system32\igfxEM.exe[5236] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee7bf00 7 bytes JMP 000007fffd370260 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007717a400 7 bytes JMP 000000016fff0260 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077183f20 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007719ffb0 5 bytes JMP 000000016fff01f0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771af2e0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771cef8d 1 byte [62] .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000771d9a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000771e94c0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000771e9630 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772087e0 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd382db0 5 bytes JMP 000007fffd370180 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3837d0 7 bytes JMP 000007fffd3700d8 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd388ef0 6 bytes JMP 000007fffd370148 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd39af60 5 bytes JMP 000007fffd370110 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 0000000077076c80 5 bytes JMP 000000016fff0308 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000000007707a5b4 5 bytes JMP 000000016fff02d0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000077080810 7 bytes JMP 000000016fff0340 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000000007708ccec 9 bytes JMP 000000016fff0298 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec489f0 8 bytes JMP 000007fffd3701f0 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec4be50 8 bytes JMP 000007fffd3701b8 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee67490 11 bytes JMP 000007fffd370228 .text C:\Windows\system32\igfxHK.exe[5312] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee7bf00 7 bytes JMP 000007fffd370260 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772e1360 5 bytes JMP 0000000077440460 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772e13b0 5 bytes JMP 0000000077440450 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1510 5 bytes JMP 0000000077440370 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772e1560 5 bytes JMP 0000000077440470 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e1570 5 bytes JMP 00000000774403e0 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772e1620 5 bytes JMP 0000000077440320 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772e1650 5 bytes JMP 00000000774403b0 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772e1670 5 bytes JMP 0000000077440390 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772e16b0 5 bytes JMP 00000000774402e0 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772e1730 5 bytes JMP 00000000774402d0 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772e1750 5 bytes JMP 0000000077440310 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772e1790 5 bytes JMP 00000000774403c0 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772e17e0 5 bytes JMP 00000000774403f0 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772e1940 5 bytes JMP 0000000077440230 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772e1b00 5 bytes JMP 0000000077440480 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772e1b30 5 bytes JMP 00000000774403a0 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772e1c10 5 bytes JMP 00000000774402f0 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772e1c20 5 bytes JMP 0000000077440350 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772e1c80 5 bytes JMP 0000000077440290 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772e1d10 5 bytes JMP 00000000774402b0 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772e1d30 5 bytes JMP 00000000774403d0 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772e1d40 5 bytes JMP 0000000077440330 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772e1db0 5 bytes JMP 0000000077440410 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772e1de0 5 bytes JMP 0000000077440240 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772e20a0 5 bytes JMP 00000000774401e0 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772e2160 5 bytes JMP 0000000077440250 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772e2190 5 bytes JMP 0000000077440490 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e21a0 5 bytes JMP 00000000774404a0 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772e21d0 5 bytes JMP 0000000077440300 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772e21e0 5 bytes JMP 0000000077440360 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772e2240 5 bytes JMP 00000000774402a0 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772e2290 5 bytes JMP 00000000774402c0 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e22c0 5 bytes JMP 0000000077440380 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772e22d0 5 bytes JMP 0000000077440340 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772e25c0 5 bytes JMP 0000000077440440 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772e27c0 5 bytes JMP 0000000077440260 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772e27d0 5 bytes JMP 0000000077440270 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e27e0 5 bytes JMP 0000000077440400 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772e29a0 5 bytes JMP 00000000774401f0 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772e29b0 5 bytes JMP 0000000077440210 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772e2a20 5 bytes JMP 0000000077440200 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772e2a80 5 bytes JMP 0000000077440420 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772e2a90 5 bytes JMP 0000000077440430 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772e2aa0 5 bytes JMP 0000000077440220 .text C:\Windows\system32\igfxTray.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772e2b80 5 bytes JMP 0000000077440280 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075731f0e 7 bytes JMP 0000000171221695 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075735bad 7 bytes JMP 00000001712211a9 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075741409 7 bytes JMP 000000017122128a .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007574ea45 7 bytes JMP 0000000171221244 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007575a2fd 1 byte [62] .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007575b21b 5 bytes JMP 00000001712215aa .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757d8e24 7 bytes JMP 0000000171221339 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000757d8ea9 5 bytes JMP 00000001712216d6 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000757d91ff 5 bytes JMP 000000017122170d .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000001712211c2 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c11dd7 5 bytes JMP 0000000171221014 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 0000000171221555 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 0000000171221271 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\user32.DLL!CreateWindowExW 0000000076048a29 5 bytes JMP 0000000171221726 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000076054572 5 bytes JMP 00000001712210a0 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesW 000000007606e567 5 bytes JMP 0000000171221415 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo 00000000760a7a5c 5 bytes JMP 00000001712215d2 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076eae96b 5 bytes JMP 00000001712215c3 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076eaeba5 5 bytes JMP 0000000171221186 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 00000000759c1401 2 bytes JMP 7575b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 00000000759c1419 2 bytes JMP 7575b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 00000000759c1431 2 bytes JMP 757d8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 00000000759c144a 2 bytes CALL 757348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 00000000759c14dd 2 bytes JMP 757d87a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 00000000759c14f5 2 bytes JMP 757d8978 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 00000000759c150d 2 bytes JMP 757d8698 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 00000000759c1525 2 bytes JMP 757d8a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 00000000759c153d 2 bytes JMP 7574fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 00000000759c1555 2 bytes JMP 757568ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 00000000759c156d 2 bytes JMP 757d8f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 00000000759c1585 2 bytes JMP 757d8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 00000000759c159d 2 bytes JMP 757d865c C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 00000000759c15b5 2 bytes JMP 7574fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 00000000759c15cd 2 bytes JMP 7575b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 00000000759c16b2 2 bytes JMP 757d8e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\Downloads\OTL_[www.programosy.pl].exe[5988] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 00000000759c16bd 2 bytes JMP 757d85f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075731f0e 7 bytes JMP 0000000171221695 .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075735bad 7 bytes JMP 00000001712211a9 .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075741409 7 bytes JMP 000000017122128a .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007574ea45 7 bytes JMP 0000000171221244 .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007575a2fd 1 byte [62] .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007575b21b 5 bytes JMP 00000001712215aa .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757d8e24 7 bytes JMP 0000000171221339 .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000757d8ea9 5 bytes JMP 00000001712216d6 .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000757d91ff 5 bytes JMP 000000017122170d .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000001712211c2 .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c11dd7 5 bytes JMP 0000000171221014 .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 0000000171221555 .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 0000000171221271 .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076eae96b 5 bytes JMP 00000001712215c3 .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076eaeba5 5 bytes JMP 0000000171221186 .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076048a29 5 bytes JMP 0000000171221726 .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076054572 5 bytes JMP 00000001712210a0 .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007606e567 5 bytes JMP 0000000171221415 .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000760a7a5c 5 bytes JMP 00000001712215d2 .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075035ea5 5 bytes JMP 00000001712215fa .text C:\Users\Darek\Downloads\gmer\gmer.exe[4880] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075069d0b 5 bytes JMP 000000017122121c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007575a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1944] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007575a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2036] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007575a2fd 1 byte [62] ---- Threads - GMER 2.1 ---- Thread System [4:4248] fffff8802277d518 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90489a65f86c Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90489a65f86c@0011670003c2 0x55 0x57 0x31 0x19 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90489a65f86c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90489a65f86c@0011670003c2 0x55 0x57 0x31 0x19 ... ---- EOF - GMER 2.1 ----