GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-02-15 20:38:31 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e ST1000LM024_HN-M101MBB rev.2AR20002 931,51GB Running: ic9jq2qs.exe; Driver: C:\Users\TOMAS_~1\AppData\Local\Temp\kwrdrpow.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\System32\smss.exe[372] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\csrss.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\winlogon.exe[796] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\svchost.exe[872] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\svchost.exe[912] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffdfb7230e0 7 bytes JMP 00007ffef8f402d0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffdfb724478 7 bytes JMP 00007ffef8f40308 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffdfb7d11a8 7 bytes JMP 00007ffef8f40340 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffdfb7d121c 7 bytes JMP 00007ffef8f403b0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffdfb7d1668 7 bytes JMP 00007ffef8f40378 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ffdfb7d72d0 7 bytes JMP 00007ffef8f40260 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffdfb7fd5a4 7 bytes JMP 00007ffef8f40228 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffdfb7fd614 7 bytes JMP 00007ffef8f40298 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffdf8f52164 7 bytes JMP 00007ffef8f400d8 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffdf8f54ee8 5 bytes JMP 00007ffef8f40180 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffdf8f550a0 5 bytes JMP 00007ffef8f40148 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffdf8f558c0 5 bytes JMP 00007ffef8f40110 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffdfb927b64 10 bytes JMP 00007ffef8f40490 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffdfb942910 5 bytes JMP 00007ffef8f40420 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffdfb944578 5 bytes JMP 00007ffef8f40458 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffdfb944980 9 bytes JMP 00007ffef8f403e8 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffdfb5c1500 8 bytes JMP 00007ffef8f401b8 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffdfb5c1750 8 bytes JMP 00007ffef8f401f0 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory 00007ffdf6c3705c 5 bytes JMP 00007ffef6a800d8 .text C:\WINDOWS\system32\dwm.exe[308] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1 00007ffdf6c37678 5 bytes JMP 00007ffef6a80110 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\nvvsvc.exe[392] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\System32\svchost.exe[968] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\svchost.exe[1040] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\svchost.exe[1068] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1136] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdf953169a 4 bytes [53, F9, FD, 7F] .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdf95316a2 4 bytes [53, F9, FD, 7F] .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdf953181a 4 bytes [53, F9, FD, 7F] .text C:\WINDOWS\system32\nvvsvc.exe[1144] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdf9531832 4 bytes [53, F9, FD, 7F] .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\System32\svchost.exe[1168] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdf953169a 4 bytes [53, F9, FD, 7F] .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdf95316a2 4 bytes [53, F9, FD, 7F] .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdf953181a 4 bytes [53, F9, FD, 7F] .text C:\WINDOWS\System32\spoolsv.exe[1776] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdf9531832 4 bytes [53, F9, FD, 7F] .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1996] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\dashost.exe[1184] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1240] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\svchost.exe[2272] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\taskhostex.exe[2524] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\Explorer.EXE[2688] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2756] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\conhost.exe[2764] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\svchost.exe[2652] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\svchost.exe[2428] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Windows\System32\WUDFHost.exe[3144] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\System32\svchost.exe[3432] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3820] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Windows\System32\SettingSyncHost.exe[4268] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4376] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\DllHost.exe[4548] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\WINDOWS\system32\SearchIndexer.exe[4784] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Windows\System32\skydrive.exe[4904] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffdedd31f6a 4 bytes [D3, ED, FD, 7F] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4996] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffdedd31f82 4 bytes [D3, ED, FD, 7F] .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files\Elantech\ETDCtrl.exe[3772] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[972] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5252] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5316] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5388] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Windows\RTFTrack.exe[5420] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files\Elantech\ETDIntelligent.exe[5468] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe[5484] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[5544] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[5556] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Windows\System32\igfxtray.exe[5576] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Windows\System32\hkcmd.exe[5628] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdf953169a 4 bytes [53, F9, FD, 7F] .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdf95316a2 4 bytes [53, F9, FD, 7F] .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdf953181a 4 bytes [53, F9, FD, 7F] .text C:\Windows\System32\igfxpers.exe[5688] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdf9531832 4 bytes [53, F9, FD, 7F] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffdfbb96620 5 bytes JMP 00007ffe7bcc0460 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffdfbb96670 5 bytes JMP 00007ffe7bcc0450 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffdfbb967d0 5 bytes JMP 00007ffe7bcc0370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffdfbb96820 5 bytes JMP 00007ffe7bcc0470 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffdfbb96830 5 bytes JMP 00007ffe7bcc03e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffdfbb968e0 5 bytes JMP 00007ffe7bcc0320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffdfbb96910 5 bytes JMP 00007ffe7bcc03b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffdfbb96930 5 bytes JMP 00007ffe7bcc0390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffdfbb96970 5 bytes JMP 00007ffe7bcc02e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffdfbb969f0 5 bytes JMP 00007ffe7bcc02d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffdfbb96a10 5 bytes JMP 00007ffe7bcc0310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffdfbb96a50 5 bytes JMP 00007ffe7bcc03c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffdfbb96aa0 5 bytes JMP 00007ffe7bcc03f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffdfbb96c00 5 bytes JMP 00007ffe7bcc0230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffdfbb96df0 1 byte JMP 00007ffe7bcc0480 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffdfbb96df2 3 bytes {JMP 0xffffffff80129690} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffdfbb96e20 5 bytes JMP 00007ffe7bcc03a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffdfbb96f40 5 bytes JMP 00007ffe7bcc02f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffdfbb96f60 5 bytes JMP 00007ffe7bcc0350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffdfbb96fd0 5 bytes JMP 00007ffe7bcc0290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffdfbb97060 5 bytes JMP 00007ffe7bcc02b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffdfbb97080 5 bytes JMP 00007ffe7bcc03d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffdfbb97090 5 bytes JMP 00007ffe7bcc0330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffdfbb97140 5 bytes JMP 00007ffe7bcc0410 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffdfbb97170 5 bytes JMP 00007ffe7bcc0240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffdfbb97490 5 bytes JMP 00007ffe7bcc01e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffdfbb97550 5 bytes JMP 00007ffe7bcc0250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffdfbb97580 5 bytes JMP 00007ffe7bcc0490 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffdfbb97590 5 bytes JMP 00007ffe7bcc04a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffdfbb975c0 5 bytes JMP 00007ffe7bcc0300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffdfbb975d0 1 byte JMP 00007ffe7bcc0360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffdfbb975d2 3 bytes {JMP 0xffffffff80128d90} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffdfbb97630 5 bytes JMP 00007ffe7bcc02a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffdfbb97680 5 bytes JMP 00007ffe7bcc02c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffdfbb976b0 5 bytes JMP 00007ffe7bcc0380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffdfbb976c0 5 bytes JMP 00007ffe7bcc0340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffdfbb979d0 5 bytes JMP 00007ffe7bcc0440 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffdfbb97bd0 1 byte JMP 00007ffe7bcc0260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffdfbb97bd2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffdfbb97be0 1 byte JMP 00007ffe7bcc0270 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffdfbb97be2 3 bytes {JMP 0xffffffff80128690} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffdfbb97c00 5 bytes JMP 00007ffe7bcc0400 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffdfbb97de0 5 bytes JMP 00007ffe7bcc01f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffdfbb97df0 5 bytes JMP 00007ffe7bcc0210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffdfbb97e80 5 bytes JMP 00007ffe7bcc0200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffdfbb97ef0 5 bytes JMP 00007ffe7bcc0420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffdfbb97f00 5 bytes JMP 00007ffe7bcc0430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffdfbb97f10 5 bytes JMP 00007ffe7bcc0220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffdfbb98020 5 bytes JMP 00007ffe7bcc0280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffdedd31f6a 4 bytes [D3, ED, FD, 7F] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1468] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffdedd31f82 4 bytes [D3, ED, FD, 7F] .text C:\WINDOWS\notepad.exe[3044] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffdfb73977d 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [704:728] fffff960009ad4d0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----