GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-09 20:03:36 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000038 ST500LM012_HN-M500MBB rev.2AR10002 465,76GB Running: tsj0num6.exe; Driver: C:\Users\Kamila\AppData\Local\Temp\uxloapow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600011eb00 7 bytes [00, 0B, 7E, 01, 00, 58, F2] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 8 fffff9600011eb08 7 bytes [01, 11, BF, FF, 00, F7, DA] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\System32\smss.exe[352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\csrss.exe[532] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\wininit.exe[608] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\csrss.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\winlogon.exe[680] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\services.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\lsass.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\svchost.exe[824] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\Windows\system32\nvvsvc.exe[896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\svchost.exe[1012] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\dwm.exe[412] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\System32\svchost.exe[840] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f9714d1532 4 bytes [4D, 71, F9, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f9714d153a 4 bytes [4D, 71, F9, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1036] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f9714d165a 4 bytes [4D, 71, F9, 07] .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690 000007f9714d1532 4 bytes [4D, 71, F9, 07] .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698 000007f9714d153a 4 bytes [4D, 71, F9, 07] .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246 000007f9714d165a 4 bytes [4D, 71, F9, 07] .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f97752177a 4 bytes [52, 77, F9, 07] .text C:\WINDOWS\system32\nvvsvc.exe[1048] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f977521782 4 bytes [52, 77, F9, 07] .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\Hpservice.exe[1204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f97752177a 4 bytes [52, 77, F9, 07] .text C:\WINDOWS\Explorer.EXE[1848] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f977521782 4 bytes [52, 77, F9, 07] .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\System32\spoolsv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\svchost.exe[2004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\taskhostex.exe[2036] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, 52, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, 52, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, 52, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, 52, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\svchost.exe[2216] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe[2296] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f9714d1532 4 bytes [4D, 71, F9, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f9714d153a 4 bytes [4D, 71, F9, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2324] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f9714d165a 4 bytes [4D, 71, F9, 07] .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\Program Files\Bonjour\mDNSResponder.exe[2452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, 13, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, 13, 01, 00, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, 13, 01, 00, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, 13, 01, 00, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, 2C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, 2C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, 2C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, 2C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, 4D, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, 4D, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, 4D, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, 4D, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2652] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, 1C, 00, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, 1C, 00, 00, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, 1C, 00, 00, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, 1C, 00, 00, 00, 00, 00] .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2732] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2740] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, FE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, FE, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, FE, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, FE, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2768] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\System32\hkcmd.exe[1384] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f97752177a 4 bytes [52, 77, F9, 07] .text C:\WINDOWS\System32\igfxpers.exe[1524] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f977521782 4 bytes [52, 77, F9, 07] .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\Program Files\IDT\WDM\sttray64.exe[1428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, 2B, 00, 00, 00, 00, ...] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, 2B, 00, 00, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, 2B, 00, 00, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, 2B, 00, 00, 00, 00, 00] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[1648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, CE, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, CE, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, CE, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, CE, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\svchost.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\svchost.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe[3796] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe[3908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\SearchIndexer.exe[3916] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, 1C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, 1C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3944] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, 61, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, 61, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, 61, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, 61, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, EC, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, EC, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, EC, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, EC, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe[2588] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, 04, 01, 00, 00, 00, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, 04, 01, 00, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, 04, 01, 00, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, 04, 01, 00, 00, 00, 00] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[4160] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\wbem\unsecapp.exe[4724] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4792] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f9714d1532 4 bytes [4D, 71, F9, 07] .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f9714d153a 4 bytes [4D, 71, F9, 07] .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2780] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f9714d165a 4 bytes [4D, 71, F9, 07] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, 04, 01, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, 04, 01, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, 04, 01, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, 04, 01, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3604] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, 5C, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, 5C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, 5C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, 5C, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3688] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, A3, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, A3, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, A3, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, A3, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes JMP 000007f9f7740460 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes JMP 000007f9f7740450 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes JMP 000007f9f7740370 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes JMP 000007f9f7740470 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes JMP 000007f9f77403e0 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes JMP 000007f9f7740320 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes JMP 000007f9f77403b0 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes JMP 000007f9f7740390 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes JMP 000007f9f77402e0 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes JMP 000007f9f77402d0 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes JMP 000007f9f7740310 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes JMP 000007f9f77403c0 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes JMP 000007f9f77403f0 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes JMP 000007f9f7740230 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes JMP 000007f9f7740480 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes JMP 000007f9f77403a0 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes JMP 000007f9f77402f0 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes JMP 000007f9f7740350 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes JMP 000007f9f7740290 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes JMP 000007f9f77402b0 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes JMP 000007f9f77403d0 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes JMP 000007f9f7740330 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes JMP 000007f9f7740410 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes JMP 000007f9f7740240 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes JMP 000007f9f77401e0 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes JMP 000007f9f7740250 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes JMP 000007f9f7740490 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes JMP 000007f9f77404a0 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 5 bytes JMP 000007f9f7740300 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 5 bytes JMP 000007f9f7740360 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 5 bytes JMP 000007f9f77402a0 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 5 bytes JMP 000007f9f77402c0 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 5 bytes JMP 000007f9f7740380 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 5 bytes JMP 000007f9f7740340 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 5 bytes JMP 000007f9f7740440 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 5 bytes JMP 000007f9f7740260 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 5 bytes JMP 000007f9f7740270 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 5 bytes JMP 000007f9f7740400 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 5 bytes JMP 000007f9f77401f0 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 5 bytes JMP 000007f9f7740210 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 5 bytes JMP 000007f9f7740200 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 5 bytes JMP 000007f9f7740420 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 5 bytes JMP 000007f9f7740430 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 5 bytes JMP 000007f9f7740220 .text C:\WINDOWS\system32\svchost.exe[3268] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 5 bytes JMP 000007f9f7740280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, 4A, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, 4A, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, 4A, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, 4A, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, F5, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, F5, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, F5, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, F5, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5240] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, E6, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, E6, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, E6, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, E6, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, D2, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, D2, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, D2, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, D2, 00, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7084] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007f977572c10 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 6 000007f977572c16 8 bytes [60, 04, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 000007f977572c60 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject + 6 000007f977572c66 8 bytes [50, 04, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 000007f977572dc0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess + 6 000007f977572dc6 8 bytes [70, 03, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007f977572e10 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 6 000007f977572e16 8 bytes [70, 04, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f977572e20 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess + 6 000007f977572e26 8 bytes [E0, 03, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 000007f977572ed0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection + 6 000007f977572ed6 8 bytes [20, 03, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f977572f00 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6 000007f977572f06 8 bytes [B0, 03, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 000007f977572f20 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject + 6 000007f977572f26 8 bytes [90, 03, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 000007f977572f60 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent + 6 000007f977572f66 8 bytes [E0, 02, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 000007f977572fe0 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent + 6 000007f977572fe6 8 bytes [D0, 02, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 000007f977573000 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection + 6 000007f977573006 8 bytes [10, 03, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 000007f977573040 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread + 6 000007f977573046 8 bytes [C0, 03, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 000007f977573090 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread + 6 000007f977573096 8 bytes [F0, 03, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 000007f977573201 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry + 6 000007f977573207 8 bytes [30, 02, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007f9775733f1 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 6 000007f9775733f7 8 bytes [80, 04, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007f977573421 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 6 000007f977573427 8 bytes [A0, 03, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 000007f977573531 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair + 6 000007f977573537 8 bytes [F0, 02, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007f977573551 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 6 000007f977573557 8 bytes [50, 03, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 000007f9775735c1 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant + 6 000007f9775735c7 8 bytes [90, 02, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007f977573651 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore + 6 000007f977573657 8 bytes [B0, 02, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f977573671 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6 000007f977573677 8 bytes [D0, 03, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 000007f977573681 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer + 6 000007f977573687 8 bytes [30, 03, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007f977573721 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess + 6 000007f977573727 8 bytes [10, 04, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007f977573751 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry + 6 000007f977573757 8 bytes [40, 02, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 000007f977573a61 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver + 6 000007f977573a67 8 bytes [E0, 01, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007f977573b21 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry + 6 000007f977573b27 8 bytes [50, 02, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007f977573b51 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey + 6 000007f977573b57 8 bytes [90, 04, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007f977573b61 5 bytes [FF, 25, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys + 6 000007f977573b67 8 bytes [A0, 04, 1E, 00, 00, 00, 00, ...] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 000007f977573b91 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair + 7 000007f977573b98 7 bytes [03, 1E, 00, 00, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007f977573ba1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 000007f977573c01 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007f977573c51 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 000007f977573c81 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 000007f977573c91 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007f977573fa1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007f9775741a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 000007f9775741b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f9775741d1 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread + 7 000007f9775741d8 7 bytes [04, 1E, 00, 00, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007f9775743b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007f9775743c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 000007f977574431 6 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem + 7 000007f977574438 7 bytes [02, 1E, 00, 00, 00, 00, 00] .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 000007f9775744a1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 000007f9775744b1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007f9775744c1 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Kamila\Downloads\tsj0num6.exe[300] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 000007f9775745d1 14 bytes {JMP QWORD [RIP+0x0]} ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs fffffa80044b02c0 Device \FileSystem\fastfat \Fat fffffa80044a62c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{8BAF398E-D007-4A61-ADD8-E0C1559A9DA1} fffffa80044a82c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80044d12c0 Device \Driver\iaStorA \Device\RaidPort0 fffffa80044b22c0 Device \Driver\usbehci \Device\USBPDO-2 fffffa80044d12c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80044d12c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{65CF18E5-969B-44E3-B902-4F0DDF3876E7} fffffa80044a82c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80044a82c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{51578041-1843-4EA4-B30D-B87F9DA711E1} fffffa80044a82c0 Device \Driver\usbehci \Device\USBFDO-2 fffffa80044d12c0 Device \Driver\iaStorA \Device\ScsiPort0 fffffa80044b22c0 Device \Driver\iaStorA \Device\00000038 fffffa80044b22c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa80044b22c0]<< sptd.sys storport.sys hal.dll iaStorA.sys fffffa80044b22c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004744060] fffffa8004744060 Trace 3 CLASSPNP.SYS[fffff8800134be0a] -> nt!IofCallDriver -> [0xfffffa80051fab10] fffffa80051fab10 Trace 5 hpdskflt.sys[fffff88002150339] -> nt!IofCallDriver -> \Device\00000038[0xfffffa8004ff0060] fffffa8004ff0060 Trace \Driver\iaStorA[0xfffffa8004ff4cd0] -> IRP_MJ_CREATE -> 0xfffffa80044b22c0 fffffa80044b22c0 ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [624:6268] fffff960008205e8 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [1648](2014-10-28 20:28:24) 000000006fbc0000 Library C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [1648](2014-10-28 20:28:24) 000000006e940000 Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [1648](2014-10-28 20:28:24) 000000006a1c0000 Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [1648](2014-10-28 20:28:25) 000000006ff00000 Library C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [1648](2014-10-28 20:28:25) 000000006efc0000 Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [1648](2014-10-28 20:28:25) 000000006ed40000 Library C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20141030.001\BHEngine.dll (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [2700] (FILE NOT FOUND) 00000000660f0000 Library C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20141103.001\IDSxpx86.dll (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [2700] (FILE NOT FOUND) 0000000065cf0000 Library C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20141030.001\UMEngx86.dll (*** suspicious ***) @ C:\Users\Kamila\Downloads\tsj0num6.exe [300] (FILE NOT FOUND) 000000005e210000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----