GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-03-02 01:15:33 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003a ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB Running: drrgd9gl.exe; Driver: C:\Users\MALGOR~1\AppData\Local\Temp\kglcqpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\System32\smss.exe[344] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\csrss.exe[596] C:\WINDOWS\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\csrss.exe[680] C:\WINDOWS\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\wininit.exe[688] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\winlogon.exe[716] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\services.exe[772] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\lsass.exe[780] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\svchost.exe[884] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\nvvsvc.exe[952] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\System32\svchost.exe[440] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\svchost.exe[232] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\dwm.exe[484] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f940b01532 4 bytes [B0, 40, F9, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f940b0153a 4 bytes [B0, 40, F9, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[784] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f940b0165a 4 bytes [B0, 40, F9, 07] .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690 000007f940b01532 4 bytes [B0, 40, F9, 07] .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698 000007f940b0153a 4 bytes [B0, 40, F9, 07] .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246 000007f940b0165a 4 bytes [B0, 40, F9, 07] .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f94556177a 4 bytes [56, 45, F9, 07] .text C:\WINDOWS\system32\nvvsvc.exe[508] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f945561782 4 bytes [56, 45, F9, 07] .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\svchost.exe[1140] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\System32\spoolsv.exe[1708] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1988] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\CxAudMsg64.exe[1056] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\taskhostex.exe[1156] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1436] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\Explorer.EXE[1540] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\dashost.exe[1536] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 742 000007f93b391b32 4 bytes [39, 3B, F9, 07] .text C:\WINDOWS\system32\svchost.exe[2280] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 750 000007f93b391b3a 4 bytes [39, 3B, F9, 07] .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\svchost.exe[2844] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\Windows\System32\WUDFHost.exe[2888] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f940b01532 4 bytes [B0, 40, F9, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f940b0153a 4 bytes [B0, 40, F9, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f940b0165a 4 bytes [B0, 40, F9, 07] .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\SearchIndexer.exe[3640] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\Windows\System32\RuntimeBroker.exe[3804] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f940b01532 4 bytes [B0, 40, F9, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f940b0153a 4 bytes [B0, 40, F9, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f940b0165a 4 bytes [B0, 40, F9, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f93b391b32 4 bytes [39, 3B, F9, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4032] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f93b391b3a 4 bytes [39, 3B, F9, 07] .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\Windows\System32\igfxtray.exe[4056] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\Windows\System32\hkcmd.exe[4064] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f94556177a 4 bytes [56, 45, F9, 07] .text C:\Windows\System32\igfxpers.exe[3248] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f945561782 4 bytes [56, 45, F9, 07] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2724] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f940b01532 4 bytes [B0, 40, F9, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f940b0153a 4 bytes [B0, 40, F9, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3376] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f940b0165a 4 bytes [B0, 40, F9, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1248] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4028] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[1280] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f9469c2c90 5 bytes JMP 000007f9c6b90460 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f9469c2ce0 5 bytes JMP 000007f9c6b90450 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f9469c2e40 5 bytes JMP 000007f9c6b90370 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f9469c2e90 5 bytes JMP 000007f9c6b90470 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f9469c2ea0 5 bytes JMP 000007f9c6b903e0 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f9469c2f50 5 bytes JMP 000007f9c6b90320 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f9469c2f80 5 bytes JMP 000007f9c6b903b0 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f9469c2fa0 5 bytes JMP 000007f9c6b90390 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f9469c2fe0 5 bytes JMP 000007f9c6b902e0 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f9469c3060 5 bytes JMP 000007f9c6b902d0 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f9469c3080 1 byte JMP 000007f9c6b90310 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007f9469c3082 3 bytes {JMP 0xffffffff801cd290} .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f9469c30c0 5 bytes JMP 000007f9c6b903c0 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f9469c3110 5 bytes JMP 000007f9c6b903f0 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f9469c3281 5 bytes JMP 000007f9c6b90230 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9469c3471 5 bytes JMP 000007f9c6b90480 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f9469c34a1 5 bytes JMP 000007f9c6b903a0 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f9469c35b1 5 bytes JMP 000007f9c6b902f0 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f9469c35d1 5 bytes JMP 000007f9c6b90350 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9469c3641 5 bytes JMP 000007f9c6b90290 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f9469c36d1 5 bytes JMP 000007f9c6b902b0 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f9469c36f1 5 bytes JMP 000007f9c6b903d0 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f9469c3701 5 bytes JMP 000007f9c6b90330 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f9469c37a1 5 bytes JMP 000007f9c6b90410 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f9469c37d1 5 bytes JMP 000007f9c6b90240 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f9469c3ae1 5 bytes JMP 000007f9c6b901e0 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f9469c3ba1 5 bytes JMP 000007f9c6b90250 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f9469c3bd1 5 bytes JMP 000007f9c6b90490 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f9469c3be1 5 bytes JMP 000007f9c6b904a0 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f9469c3c11 5 bytes JMP 000007f9c6b90300 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f9469c3c21 5 bytes JMP 000007f9c6b90360 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f9469c3c81 5 bytes JMP 000007f9c6b902a0 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f9469c3cd1 5 bytes JMP 000007f9c6b902c0 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f9469c3d01 5 bytes JMP 000007f9c6b90380 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f9469c3d11 5 bytes JMP 000007f9c6b90340 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f9469c4021 5 bytes JMP 000007f9c6b90440 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9469c4221 5 bytes JMP 000007f9c6b90260 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9469c4231 5 bytes JMP 000007f9c6b90270 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9469c4251 5 bytes JMP 000007f9c6b90400 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9469c4431 5 bytes JMP 000007f9c6b901f0 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9469c4441 5 bytes JMP 000007f9c6b90210 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f9469c44b1 5 bytes JMP 000007f9c6b90200 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9469c4521 5 bytes JMP 000007f9c6b90420 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9469c4531 5 bytes JMP 000007f9c6b90430 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9469c4541 5 bytes JMP 000007f9c6b90220 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9469c4651 5 bytes JMP 000007f9c6b90280 .text C:\WINDOWS\system32\AUDIODG.EXE[4624] C:\WINDOWS\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2404] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f945b9f7eb 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2404] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f93b391b32 4 bytes [39, 3B, F9, 07] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2404] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f93b391b3a 4 bytes [39, 3B, F9, 07] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [680:696] fffff960008a55e8 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----