GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-08-02 13:31:27 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GB00 596.17GB Running: 2gu05uf6.exe; Driver: C:\Users\milbus21\AppData\Local\Temp\fwloqpob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 000000014a070460 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 000000014a070450 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 000000014a070370 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 000000014a070470 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 000000014a0703e0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 000000014a070320 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 000000014a0703b0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 000000014a070390 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 000000014a0702e0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 000000014a0702d0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 000000014a070310 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 000000014a0703c0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 000000014a0703f0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 000000014a070230 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 000000014a070480 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 000000014a0703a0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 000000014a0702f0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 000000014a070350 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 000000014a070290 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 000000014a0702b0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 000000014a0703d0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 000000014a070330 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 000000014a070410 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 000000014a070240 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 000000014a0701e0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 000000014a070250 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 000000014a070490 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 000000014a0704a0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 000000014a070300 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 000000014a070360 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 000000014a0702a0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 000000014a0702c0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 000000014a070380 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 000000014a070340 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 000000014a070440 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 000000014a070260 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 000000014a070270 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 000000014a070400 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 000000014a0701f0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 000000014a070210 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 000000014a070200 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 000000014a070420 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 000000014a070430 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 000000014a070220 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 000000014a070280 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\wininit.exe[520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 000000014a070460 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 000000014a070450 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 000000014a070370 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 000000014a070470 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 000000014a0703e0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 000000014a070320 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 000000014a0703b0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 000000014a070390 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 000000014a0702e0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 000000014a0702d0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 000000014a070310 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 000000014a0703c0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 000000014a0703f0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 000000014a070230 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 000000014a070480 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 000000014a0703a0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 000000014a0702f0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 000000014a070350 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 000000014a070290 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 000000014a0702b0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 000000014a0703d0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 000000014a070330 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 000000014a070410 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 000000014a070240 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 000000014a0701e0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 000000014a070250 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 000000014a070490 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 000000014a0704a0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 000000014a070300 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 000000014a070360 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 000000014a0702a0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 000000014a0702c0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 000000014a070380 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 000000014a070340 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 000000014a070440 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 000000014a070260 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 000000014a070270 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 000000014a070400 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 000000014a0701f0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 000000014a070210 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 000000014a070200 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 000000014a070420 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 000000014a070430 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 000000014a070220 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 000000014a070280 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\services.exe[588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\lsm.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\svchost.exe[796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\winlogon.exe[916] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\System32\svchost.exe[992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\svchost.exe[384] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\AUDIODG.EXE[468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\WLANExt.exe[1168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\Explorer.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\Explorer.EXE[1536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\taskhost.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1760] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1788] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\taskeng.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 0000000100070460 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 0000000100070370 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 0000000100070470 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 0000000100070320 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 0000000100070390 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 0000000100070310 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 0000000100070230 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 0000000100070250 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 0000000100070490 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Bonjour\mDNSResponder.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 0000000100070280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1960] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Windows\SysWOW64\svchost.exe[2000] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[1212] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\taskeng.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\DllHost.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2224] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\svchost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2328] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2400] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2556] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2572] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754a1465 2 bytes [4A, 75] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754a14bb 2 bytes [4A, 75] .text ... * 2 .text C:\Windows\SysWOW64\DllHost.exe[2740] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Windows\SysWOW64\DllHost.exe[2844] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\wbem\wmiprvse.exe[3108] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\System32\igfxtray.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\System32\hkcmd.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 0000000100070460 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 0000000100070370 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 0000000100070470 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 0000000100070320 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 0000000100070390 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 0000000100070310 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 0000000100070230 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 0000000100070250 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 0000000100070490 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 0000000100070280 .text C:\Program Files\Windows Sidebar\sidebar.exe[3352] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe[3360] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754a1465 2 bytes [4A, 75] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754a14bb 2 bytes [4A, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe[3440] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3340] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[1600] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3852] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\AOL\1324837120\ee\aolsoftware.exe[4012] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4072] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4140] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4148] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075ff8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4148] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754a1465 2 bytes [4A, 75] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754a14bb 2 bytes [4A, 75] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 0000000100070280 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Program Files\iPod\bin\iPodService.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[4876] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\wbem\wmiprvse.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe[5296] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5432] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5556] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Program Files\Sony\VAIO Care\esrv\esrv.exe[5592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\conhost.exe[5608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 0000000100070280 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813b10 6 bytes {NOP ; JMP 0xffffffff88becc4c} .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817ac0 6 bytes {NOP ; JMP 0xffffffff88be88e4} .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files\Internet Explorer\iexplore.exe[6000] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4400] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4400] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4400] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754a1465 2 bytes [4A, 75] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754a14bb 2 bytes [4A, 75] .text ... * 2 .text C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe[6188] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Windows\system32\DllHost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7100] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7100] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7100] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754a1465 2 bytes [4A, 75] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754a14bb 2 bytes [4A, 75] .text ... * 2 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files\Sony\VAIO Update\vuagent.exe[5488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2880] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[7004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5068] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077841360 5 bytes JMP 00000000779a0460 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778413b0 5 bytes JMP 00000000779a0450 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077841510 5 bytes JMP 00000000779a0370 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077841560 5 bytes JMP 00000000779a0470 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077841570 5 bytes JMP 00000000779a03e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841620 5 bytes JMP 00000000779a0320 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077841650 5 bytes JMP 00000000779a03b0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077841670 5 bytes JMP 00000000779a0390 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778416b0 5 bytes JMP 00000000779a02e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077841730 5 bytes JMP 00000000779a02d0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077841750 5 bytes JMP 00000000779a0310 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077841790 5 bytes JMP 00000000779a03c0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778417e0 5 bytes JMP 00000000779a03f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077841940 5 bytes JMP 00000000779a0230 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b00 5 bytes JMP 00000000779a0480 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077841b30 5 bytes JMP 00000000779a03a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077841c10 5 bytes JMP 00000000779a02f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077841c20 5 bytes JMP 00000000779a0350 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077841c80 5 bytes JMP 00000000779a0290 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077841d10 5 bytes JMP 00000000779a02b0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d30 5 bytes JMP 00000000779a03d0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077841d40 5 bytes JMP 00000000779a0330 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077841db0 5 bytes JMP 00000000779a0410 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077841de0 5 bytes JMP 00000000779a0240 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778420a0 5 bytes JMP 00000000779a01e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077842160 5 bytes JMP 00000000779a0250 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077842190 5 bytes JMP 00000000779a0490 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778421a0 5 bytes JMP 00000000779a04a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778421d0 5 bytes JMP 00000000779a0300 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778421e0 5 bytes JMP 00000000779a0360 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077842240 5 bytes JMP 00000000779a02a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077842290 5 bytes JMP 00000000779a02c0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778422c0 5 bytes JMP 00000000779a0380 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778422d0 5 bytes JMP 00000000779a0340 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778425c0 5 bytes JMP 00000000779a0440 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778427c0 5 bytes JMP 00000000779a0260 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778427d0 5 bytes JMP 00000000779a0270 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778427e0 5 bytes JMP 00000000779a0400 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778429a0 5 bytes JMP 00000000779a01f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778429b0 5 bytes JMP 00000000779a0210 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a20 5 bytes JMP 00000000779a0200 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077842a80 5 bytes JMP 00000000779a0420 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077842a90 5 bytes JMP 00000000779a0430 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842aa0 5 bytes JMP 00000000779a0220 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077842b80 5 bytes JMP 00000000779a0280 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007762ef8d 1 byte [62] .text C:\Program Files\Sony\VAIO Care\listener.exe[5700] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5572] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754a1465 2 bytes [4A, 75] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754a14bb 2 bytes [4A, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6480] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] .text C:\Users\milbus21\Downloads\2gu05uf6.exe[1096] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007601a2fd 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\SysWOW64\DllHost.exe [2740:2780] 000000006d0628f0 ---- EOF - GMER 2.1 ----